Exchange server extended protection and BigIP

Question

i have exchange server secured by WAF, i need to enable extended protection as below :

https://learn.microsoft.com/en-us/exchange/plan-and-deploy/post-installation-tasks/security-best-practices/exchange-extended-protection?view=exchserver-2019#enabling-extended-protection

so does WAF support this? i mean is there anything i have to change from WAF?

f5admin2024 · Answer

same here, same situation.&nbsp;any ideas?

jhduke · Answer

Same problem but different implementation. I'm front-ending and external connection inbound to Exchange via EWS to pull mailbox info. Once EP was enabled it broke the NTLMv2 auth via APM.... Looking for a way to capture the user account making the request to allow/deny based on the user. Exchange is looking for NTLM auth so basic on APM for EWS won't work...&nbsp;

juergen_mang · Answer

Extended protection is not supported: https://community.f5.com/discussions/technicalforum/cve-2024-21410/328785

p_kueppers · Answer

Its working when you only use OWA and use form-based SSO or basic-auth for active-sync

F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Exchange server extended protection and BigIP

4 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

can't access on prem dns when using F5LTM as a gateway

Issue with TLS Version 1.1 Deprecated Protocol

Service discovery is not happening in AS3

Load balanced RDP VIP use in APM

Deleting an AS3 Tenant

Related Content

Extending F5 ADSP: Multi-Tailnet Egress

Extend visibility - BIG-IP joins forces with CrowdStrike

L7 DoS Protection with NGINX App Protect DoS

F5 API Security: Discovery and Protection

Cookie-based DDoS protection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS