Forum Discussion
Block Exchange 2013 admin center
I have 2 F5s and I use iapp to provide access to Exchange 2013. I would like to block the Exchange admin console from the outside world. Being very new to the F5 world, I would like to know the best way to do this without interrupting OWA, RDP, OutlookAnywhere.
I am also new to the F5 world, but I agree with mikeshimkus that is is very difficult to separate the ECP traffic between OWA and EAC. However, last year I ran into the same issue for a customer of mine and found this site which provided a good solution to this issue. Since you obviously want to be able to keep your own access to EAC, while removing it from outside access, this may be something to look at.
http://anexinetisg.blogspot.com/2014/06/disable-external-access-of-exchange.html
- mikeshimkus_111Historic F5 Account
Hi, we previously had included an iRule to block access to the EAC from certain client IPs, but it proved unreliable due to not having a consistent way to separate EAC ECP traffic from OWA ECP traffic.
Your best bet will probably be to create a second, internal-only set of OWA and ECP virtual directories with the -AdminEnabled parameter set to true, which is not published on the BIG-IP. You can then set -AdminEnabled to false on your external ECP virtual directory so users accessing their mailboxes can't admin.
Here are a couple of posts on this:
- Mark_Thornton_1Nimbostratus
I am also new to the F5 world, but I agree with mikeshimkus that is is very difficult to separate the ECP traffic between OWA and EAC. However, last year I ran into the same issue for a customer of mine and found this site which provided a good solution to this issue. Since you obviously want to be able to keep your own access to EAC, while removing it from outside access, this may be something to look at.
http://anexinetisg.blogspot.com/2014/06/disable-external-access-of-exchange.html
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com