Exchange server extended protection and BigIP

Question

i have exchange server secured by WAF, i need to enable extended protection as below :

https://learn.microsoft.com/en-us/exchange/plan-and-deploy/post-installation-tasks/security-best-practices/exchange-extended-protection?view=exchserver-2019#enabling-extended-protection

so does WAF support this? i mean is there anything i have to change from WAF?

f5admin2024 · Answer

same here, same situation.&nbsp;any ideas?

jhduke · Answer

Same problem but different implementation. I'm front-ending and external connection inbound to Exchange via EWS to pull mailbox info. Once EP was enabled it broke the NTLMv2 auth via APM.... Looking for a way to capture the user account making the request to allow/deny based on the user. Exchange is looking for NTLM auth so basic on APM for EWS won't work...&nbsp;

juergen_mang · Answer

Extended protection is not supported: https://community.f5.com/discussions/technicalforum/cve-2024-21410/328785

p_kueppers · Answer

Its working when you only use OWA and use form-based SSO or basic-auth for active-sync

Forum Discussion

Exchange server extended protection and BigIP

4 Replies

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

Beyond REST: Protecting GraphQL

L7 DoS Protection with NGINX App Protect DoS

Managing NGINX App Protect WAF for Beginners

F5 Distributed Cloud Bot Defense Protecting AWS CloudFront Distributions

Cookie-based DDoS protection