For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Nfordhk_66801's avatar
Nfordhk_66801
Icon for Nimbostratus rankNimbostratus
Oct 26, 2015

Securing OWA using APM from Outside for specific users

Hi,

 

We have deployed our 2013 exchange environment using the iApps template. Initially, we did not opt to use APM but we are circling back around with unique requirements.

 

We have two requirements:

 

  1. Secure OWA based on specific security groups. I believe I can achieve this by modifying the access profile using the AD Group Resource Assign container.

     

  2. Secure OWA based on specific security groups only allowing inside access. Basically, we want to give OWA to internal teams and restrict this OWA access from outside the company. My thought is, we would need an iRule or something to identify that a public IP + a security group was attempting access and deny the resource.

     

Looking for feedback on my ideas and thought process.

 

application delivery
BIG-IP Access Policy Manager (APM)
devops
iApps
iRules
owa
security

2 Replies

  • Lucas_Thompson_'s avatar
    Lucas_Thompson_
    Historic F5 Account
    Oct 26, 2015

    No irules necessary, you can build both pieces of logic inside of your Access Policy. For groups, you can just use "AD Query" or "LDAP Query" and success branch from that if the group name appears in the response. For IP address checking, you can use a similar technique to branch from a result by checking the client IP session variable.

     

  • Nfordhk_66801's avatar
    Nfordhk_66801
    Icon for Nimbostratus rankNimbostratus
    Oct 27, 2015

    Perfect! I didn't know subnet match was an option. I was able to use AD query and match based on group membership. Thanks for your help!