For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

GWil's avatar
GWil
Icon for Nimbostratus rankNimbostratus
Feb 01, 2016

APM - allow ActiveSync, block OWA

Hi all, I've successfully deployed iApp fo Exchange 2013 LTM+APM. Now I would like to create policy that allow or deny access to OWA based on AD groups. Now my policybased on ADquery allow access to ...
application delivery
BIG-IP Access Policy Manager (APM)
iApps
Josiah_39459's avatar
Josiah_39459
Historic F5 Account
Feb 01, 2016

You can identify owa (web browser) vs activesync (microsoft exchange client) using a client check:

 

https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-config-11-2-0/apm_config_server_checks.html?sr=51220103205575

 

and you can check AD group membership with AD Query or LDAP Query:

 

https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-12-0-0/4.html?sr=51220171

 

Then it's just a matter of designing your VPE so the Allow and Deny are appropriate for the matches you want.