OWA Access Via Fortigate

Forum|Forum|22 years ago
April 15, 2004
4 replies
6551 views

Hi, am I right to say that I can do this over the Fortigate Firewall? e.g. http://mydomain/exchange/ What I need is just to forward (Firewall > Policy) all the inbound http (80) to my internal server at 10.0.0.1? Many Thanks. PK

A

Anonymous_UserAuthor

Contributor

You' re exactly right. Just create a Ext --> Int policy entry for it. You will also have to set something up in the Virtual IP section for it as well since you are using NAT. So don' t forget that. Hint: Enable Intrusion Prevention. My company has OWA set up for external access as well and it gets hit all the time with CodeRed, CodeRed II, etc... It' s a good idea to let the FG filter those out.

A

Anonymous_UserAuthor

Contributor

Thanks JBult. I hope I can get it done right after the MX Record pointing to the firewall external IP as I need to wait for the ISP to update the MX record for now.

garyho

New Member

Hi PK, Wonder you using OWA on Exchange 2003? This version uses RPC over HTTP and might have problems across firewalls. Gary

A

Anonymous_UserAuthor

Contributor

Hi Gary, Nope, The setup for Exchange 5.5 (Yes. 5.5

). I would like to test on the Exchange 2003 but not this round.

garyho

New Member

Hi, I guess there shld not be any problem...god bless u... Gary

A

Anonymous_UserAuthor

Contributor

OWA over Exchange 2003 for FG50, 60, 200 & 300 all works on both MR6 and MR7. HOWEVER! Keep your AV scanning to default SCAN don' t use STRICT. You end up with inconsistant problems, blank preview screens, very slow access and ultimatly a helpdesk full of screaming fans. This has been my experience anyways hope it helps. Kind regards

garyho

New Member

Hi Blueguava, Are you using Basic or Premium OWA? Can you share with us about your deployment scenario? I would like to setup one too. Hear from you... :-) Gary

A

Anonymous_UserAuthor

Contributor

No worries have run a few scenario' s most being FG 60 with a Exchange Box access via NAT. Just set a virtual IP with port forward, created firewall rule to access HTTP (or HTTPS if you are running a cert on your OWA access). We found that when you turn on the default " STRICT" rule OWA ran very slow and gave intermitant errors. Change the rule to default " SCAN" and it runs just fine. Had similar results on a FG50A, FG100, FG200 and FG300. Is there any thing else you would like to know. Kind Regards

A

Anonymous_UserAuthor

Contributor

I manage to get the OWA (Exchange 5.5) up & running wihtout the fortigate100, but the funny thing is that once I get the firewall running, my OWA face the Auth problem " 401.1 Unauthorized: Logon Failed" . I yet to check why but before the Fortigate100 in place, I can access the OWA with my domain\user , password ...

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded