Forum Discussion
APM/ASM Exchange ActiveSync Brute Force Protection
Hi,
We are facing issue when configuring the Brute Force for Exchange ActiveSync service.
We have virtual server configured with APM Policy and ASM as well.
We tried to bypass the ActiveSync from APM to send the traffic of login page /Microsoft-Server-ActiveSync to ASM to detect the Brute Force Attack but not worked fine.
We tried also to not bypass the activesync from APM and used "Max user attempts" feature on AD Auth Agent to be 3 attempts but didn't worked also
As well as the AD configured to lock the account after 5 attempts so we found that APM didn't force the user to logout after 3 attempts which lead that account was locked on AD
In the same time we can't use google CAPTCHA option as per requirements , so Any help here ? How we can achieve brute force mitigation for ActiveSync when we have APM and ASM in the same virtual server
- Simon_Blakely
Employee
Because APM functionality in the virtual server is processed before the ASM policy, you need to use a layered virtual to process traffic through ASM before passing it to the APM-configured virtual.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com