Block access to Activesync with f5.microsoft_exchange_2010_2013_cas.v1.3.0 iapp

Question

Hello, &nbsp;
I am looking to block our external users from using active-sync via our F5 appliance after switching to using the F5 for external access and load balancing for our Exchange 2010 environment. We are using Airwatch for activesync and since installing the F5 for our external email access it now allowing users to access email on a IOS/Android device bypassing Airwatch security. &nbsp;
Thanks for any suggestions!&nbsp;

mikeshimkus_111 · Accepted Answer

Hi Keith, you could create an iRule like this one and attach it to the virtual server using the iApp's advanced mode.  Or, you could modify the pool assignment iRule created by the iApp, however that will require disabling strictness on the deployment.
when HTTP_REQUEST {
    switch -glob -- [string tolower [HTTP::path]] {
        "/microsoft-server-activesync*" {
            drop
        }
    }
}

yann_desmarest · Answer

Hello,&nbsp;
You can use :
- ASM
- LTM policies 
- irules&nbsp;
to block access to /Microsoft-Server-ActiveSync url&nbsp;

keith_fox_15580 · Answer

This appears to be working perfectly, thanks for the quick response!

Forum Discussion

Block access to Activesync with f5.microsoft_exchange_2010_2013_cas.v1.3.0 iapp

3 Replies

Recent Discussions

Custom https health monitor

LTM - Pool members active standby failover

F5OS share APM VPN licence across tenant clusters

HA Sync issue on Active-Active Cluster

Default global parameters in F5 LTM and AFM

Related Content

APM-DHCP Access Policy Example and Detailed Instructions

F5's Access Policy Manager the Access Proxy for Zero Trust Architectures

Unable to access GUI

Access Logs - Invalid Tenant

Accessing TCP Options from iRules