Forum Discussion

Nimbostratus

Oct 24, 2014

Solved

Exchange 2010, O365, APM and iRule

Hello, I'm trying to deploy BIG IP with Exchange 2010 in hybrid mode. It involves that there is only authentication for OWA and ActiveSync and no authentication for the EWS and autodiscover. It ...

application delivery

BIG-IP Access Policy Manager (APM)

mikeshimkus_111
Oct 27, 2014
For EWS and Autodiscover, you should be able to add an iRule (or disable strictness on the iApp deployment and edit the existing pool assignment iRule) to disable APM for that traffic. For example:

when HTTP_REQUEST { switch -glob -- [string tolower [HTTP::path]] { "/ews*" { ACCESS::disable } "/autodiscover*" { ACCESS::disable } }

For OWA, you'll need to remove the logon page from the Access Policy and modify the sso_select iRule to choose the NTLM SSO instead of forms:

when ACCESS_ACL_ALLOWED { set req_uri [string tolower [HTTP::uri]] if { $req_uri contains "/owa" } { WEBSSO::select [set foo /Common/exchange_2010.app/exch_ntlm_sso] } unset req_uri }

Vincent_Z_17509

Nimbostratus

Oct 25, 2014

Hi MiKe, Thanks for your answer. Our BIG IP are running in V11.5 . In fact, I tried to use the last exchange template. But the EWS and Autodiscover "traffic" between Microsoft Office 365 networks and our internal network has to be established with an anonymous mode. So my need is to publish our CAS exchange servers with : OWA : basic or ntlm authentication ActiveSync : basic or ntlm authentication EWS : No authentication Autodiscover : No authentication In our old ISA servers, we have published 2 rules with the same listener : one with authentication and one without. And I don't see how to do the same thing on the big ip.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)