Forum Discussion

tankovich_14368's avatar
tankovich_14368
Icon for Nimbostratus rankNimbostratus
Jun 30, 2015

Redirect to pool to bypass SSL offloading for Exchange Hybrid setup - syntax issue(s)

Hello DevCentral Community, We recently configured a hybrid setup between Exchange2010 and O365 but we're running into issues migrating mailboxes between the two environments. After some googling a...
application delivery
design
devops
iRules
LTM
microsoft
o365
mikeshimkus_111's avatar
mikeshimkus_111
Historic F5 Account
Jul 01, 2015

Hi, are you deploying all of your Exchange services on one virtual server? If so, you should be editing the combined iRule, not the redirect iRule. I would also think that since you deployed SSL offload, you don't have a server SSL profile assigned to your VIP so SSL::enable won't work. If you want to offload SSL, what you'll probably need to do is:

  • Deploy the iApp using SSL bridging
  • Disable strictness
  • Create a new pool on port 443 for MRS proxy
  • Modify your existing pools to use port 80
  • Edit your combined pool iRule to look like the rule below.

Another option might be to point Office 365 to a different FQDN for migration, and do a separate, SSL bridging deployment at that IP address.

when HTTP_REQUEST {
 switch -glob -- [string tolower [HTTP::path]] {
      "/microsoft-server-activesync*" {
           TCP::idletime 1800
           SSL::disable
           pool /Common/exchange_2013.app/exchange_2013_as_pool3            
           CACHE::disable
           return
      }
      "/owa*" {
           if { [HTTP::header exists "Accept-Encoding"] } {
                HTTP::header remove "Accept-Encoding"
           }
           SSL::disable
           pool /Common/exchange_2013.app/exchange_2013_owa_pool3           
           return
      }
      "/ews/mrsproxy.svc"
      pool my_mrs_pool
      CACHE::disable
      return
 }
 "/ews*" {
      SSL::disable
      pool /Common/exchange_2013.app/exchange_2013_oa_pool3            
      CACHE::disable
      return
 }
 "/ecp*" {
      SSL::disable
      if { [HTTP::header exists "Accept-Encoding"] } {
           HTTP::header remove "Accept-Encoding"
      }
      pool /Common/exchange_2013.app/exchange_2013_owa_pool3            
      return
 }
 "/oab*" {
      SSL::disable
      pool /Common/exchange_2013.app/exchange_2013_oa_pool3
      persist none
      return
 }
 "/rpc/rpcproxy.dll*" {
      SSL::disable
      pool /Common/exchange_2013.app/exchange_2013_oa_pool3            
      CACHE::disable            
      return
 }
 "/autodiscover*" {
      SSL::disable
      pool /Common/exchange_2013.app/exchange_2013_ad_pool3
      persist none
      return
 }
 default {
       This final section takes all traffic that has not otherwise
       been accounted for and sends it to the pool for Outlook Web
       App
      SSL::disable
      pool /Common/exchange_2013.app/exchange_2013_owa_pool3

 }

} }