APM - urls in the email are accessible when I launched though OWA session using access policies

Hi,

• VPN SSL mode (with webtop, portal access, rewrite) is to publish multiple ressources behind one public hostname (ssl.domain.com). this deployment use APM CCU Licence and APM Session licence.
• LTM+APM mode (as described in the previous answer) is to add authentication on top of a virtual server. this deployment does not use APM CCU Licence but APM Session licence.

rewrite portal profile use an old (very very old) process from firepass which cause lots of rewriting issues. rewrite split tunneling as proposed by Seth is more complex to configure.

Exchange does not need to rewrite URL. As the OWA is deployed with dans name mail.company.com, I think OWA is the only application published by the Access policy.

so LTM+APM mode :

• is easier to configure
• is more efficient because there is no need to check response page to replace internal URL by https://mail.domain.com/f5-w1232346453429$$/home/init.jsp
• is dedicated for publishing one web ressource which doesn't need rewrite
• is licence free except APM base licence (APM base licence add Max appliance session licence).
• allow to publish Outlook Anywhere, ActiveSync, EWS, OAB with exchange profile

You can configure both modes but i recommend to use LTM+APM mode...