Forum Discussion

Hawary's avatar
Icon for Nimbostratus rankNimbostratus
Feb 20, 2021

Control access to Exchange services

hi folks,

i would like to control access to mail service ( if user connected from internet, it should not work but allow it from inside network or someone who connected from VPN. i'm thinking of 2 solution,

1- remove the public DNS entry for

2- write a policy or an irule to control access like if the users are trying to access and client IP is of private IPs, allow this connection. else drop the connection (actually, i need your help with the irule.)


thanks in Advance

3 Replies

  • the first option will work if is only used for client access. if it is also used for other email servers to send you email you probably dont want to delete it.


    the second is possible if the F5 BIG-IP is located somewhere to make this possible. does point to the BIG-IP? do internal clients actually connect to it from inside?


    as for the iRule there really are 100s of examples for this, look some up, try it and if it doesnt work post what you got and someone will certainly help to fixed it.

  • Hawary's avatar
    Icon for Nimbostratus rankNimbostratus

    hi boneyard,

    thanks for your answer. what if i need to block only /owa from outside?. how can i achieve that? Regarding inside, the users are accessing the exchange directly, they are not passing through the F5. i appreciate if you give example for irule to block /owa and allow the other services.

    • there are quite some examples with a quick search






      in your case you dont even have to do something special for inside or outside as inside users dont reach the big-ip


      give it a try and / or post what you believe will work.