New BIG-IP ASM v13 Outlook Web Access (OWA) 2016 Ready Template
F5 has created a specialized ASM template to simplify the configuration process of OWA 2016 with the new version of BIG-IP v13
Click here and download the latest version of XML file that contains the template: Outlook Web Access 2016 Ready Template v6.x
Goal: Quick OWA 2016 base line policy which set to Blocking from Day-One tuned to OWA 2016 environment.
Ready Template Deployment Steps
- Download the latest version of the policy XML file (click on the file --> Raw --> Save As) from the link above
- Update Attack Signature to the latest version: Click "Security Update" --> "Application Security" --> "Check for Updates" --> "Install Updates"
- Click "Application Security" --> "Import Policy" --> Select File" and choose the XML file
- Edit the policy name to the protected application name and click "Import Policy"
- Attach the policy to the appropriate virtual server
- Refine learning new records in "Application Security" --> "Policy Building" --> Traffic Learning"
- Observe no false positive occur by validating event logs: "Event Logs" --> "Application" --> "Request"
Important: If the policy is not working properly, please ensure you are using the latest version. If you have any issues or questions, please send any feedback to my email: n.ashkenazi@f5.com
Published Jan 24, 2018
Version 1.0
Nir_Ashkenazi
Employee
EmployeeNir_AshkenaziEmployee
Employee- Walter_Kacynski
Cirrostratus
How is this different than the "OWA Template" in the 13.1 base product?
Nir_AshkenaziThanks Walter for reaching out, we are always in ongoing process to improve security and reduce false positive of the templates. The update touch multiple areas of the policy but mainly updated attack signatures sets and change positive models to compact mode with staging state. As well URL`s was updated with common content types.
- Walter_Kacynski
So, this would be considered a patched version of that template then? Is there a section of the F5 download site for updated (supported) ASM Templates like there is for iApps?
- Walter_Kacynski
Also, will this new template support OWA 2013?
- Nir_Ashkenazi
Yes, it a patched version that would finally will be updated into the device template repository. The template was tested on OW16K so there is no guaranty it would work as expected in OWA13K.
dracoNimbostratus
Hi
will this work with 12.1.2 ?
- Nir_Ashkenazi
The template was tested on v13 so unfortunately there is no backward comparability guarantee
am_gliAltostratus
Hi,
I've implemented a policy in transparent mode with this template, but I'm facing some issues during traffic learning:
a) ActiveSync triggers strange SQL-Injection Suggestions: SQL-INJ "' --" (SQL comment) (Parameter) (2)
b) ActiveSync triggers strange Execution attempts (ftp, del, sfc, ...) since it detects these strings in the string of a JPG or similar...Is there any suggestion how to handle these suggestions in a good and secure manner?
- Nir_Ashkenazi
Thanks Amir for updating about the issue with active-sync, As far as I understand you are testing in clear environment? could you please export the illegal logs and send it to my email nashkenazi@ so I will take a look (via Events Logs -> Applications -> Request -> Select All -> Export) ?
- am_gli
Hi Nir, thanks for the quick reply. Unfortunately I had no logging profiles bound currently. I've just changed it and I'm waiting for a few events to occur. I hope to send you the logs latest by tomorrow.
