Forum Discussion
gscholz
Nimbostratus
NimbostratusSetting up ASM policy to protect Outlook Web Access (OWA)
I have used the iApp to create a the setup for some Exchange 2016 backend servers. Users from outside are supposed to use Outlook Web App (OWA), and I thought it should be possible to protect the vi...
gscholzNimbostratus
NimbostratusI have done some further testing. I am using the Partner Vlab setup in its most basic form. I have manually created a virtual server for HTTPs, and I have assigned the profile to it that was created from the iApp:
ltm virtual /Common/https_virtual {
destination /Common/10.1.10.20:443
ip-protocol tcp
mask 255.255.255.255
pool /Common/https_pool
profiles {
/Common/App-Exchange-2016.app/App-Exchange-2016_http_profile { }
/Common/clientssl {
context clientside
}
/Common/serverssl {
context serverside
}
/Common/tcp { }
}
source 0.0.0.0/0
translate-address enabled
translate-port enabled
}
ltm profile http /Common/App-Exchange-2016.app/App-Exchange-2016_http_profile {
app-service /Common/App-Exchange-2016.app/App-Exchange-2016
defaults-from /Common/http
insert-xforwarded-for enabled
redirect-rewrite all
}
For comparison, this is what the virtual server looks like that was created from the iApp:
ltm virtual /Common/App-Exchange-2016.app/App-Exchange-2016_combined_https {
app-service /Common/App-Exchange-2016.app/App-Exchange-2016
destination /Common/10.1.10.30:443
ip-protocol tcp
mask 255.255.255.255
profiles {
/Common/App-Exchange-2016.app/App-Exchange-2016_caching_profile { }
/Common/App-Exchange-2016.app/App-Exchange-2016_clientssl {
context clientside
}
/Common/App-Exchange-2016.app/App-Exchange-2016_http_profile { }
/Common/App-Exchange-2016.app/App-Exchange-2016_lan-optimized_tcp_profile {
context serverside
}
/Common/App-Exchange-2016.app/App-Exchange-2016_oneconnect { }
/Common/App-Exchange-2016.app/App-Exchange-2016_serverssl {
context serverside
}
/Common/App-Exchange-2016.app/App-Exchange-2016_wan-optimized-compression_profile { }
/Common/App-Exchange-2016.app/App-Exchange-2016_wan-optimized_tcp_profile {
context clientside
}
/Common/ntlm { }
}
rules {
/Common/App-Exchange-2016.app/App-Exchange-2016_owa_redirect_irule7
/Common/App-Exchange-2016.app/App-Exchange-2016_combined_pool_irule7
}
source 0.0.0.0/0
source-address-translation {
type automap
}
translate-address enabled
translate-port enabled
}
When I want to create a new application security policy https_virtual shows up in the dropdown menu of eligible virtual servers, but App-Exchange-2016_combined_https does not. Would anybody know the reason?