nhajji
New Member
September 4, 2018
Question

Publish Exchange Server OWA and Deny ECP


I need to publish my Exchange Server OWA virtual directory (https://myEmailServerName/owa).

The usual policy exposes the ECP virtual directory (https://myEmailServerName/ECP).

Thus I need to deny access to the ECP, and allow only OWA.

Is there any way to configure this with a FortiGate device (FortiOS v6.0) other than FortiWeb? Any ideas, please?

Regards

    1 reply

    Prab
    New Member
    September 7, 2018

    nhajji wrote:

    I need to publish my Exchange Server OWA virtual directory (https://myEmailServerName/owa).

    The usual policy exposes the ECP virtual directory (https://myEmailServerName/ECP).

    Thus I need to deny access to the ECP, and allow only OWA.

    Is there any way to configure this with a FortiGate device (FortiOS v6.0) other than FortiWeb? Any ideas, please?

    Regards

    I would recommend using FortiWeb or a real WAF. The reasons can be read here: https://www.fortinet.com/products/web-application-firewall/fortiweb.html#faqs

     

    Here is an example: https://cookbook.fortinet.com/protecting-web-applications-54/

     

    FGT does have a small WAF daemon, but it cannot provide too many options!

    I have it in place and it does its job (at least for our scenario); however, you might need to edit the configuration and add some signatures to the bypass list, once in 2 weeks. ;)

    I tested the WAF profile with the ZAP tool and it did block a lot of well-known stuff.

    https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

     

    On FGT you can use a WAF profile to protect OWA. Additionally, you could use IPS to enhance security at the connection level.

    https://www.fortinet.com/demand/gated/WAF_or_IPS.html

     

    Hope it helps,

    Prab :)

    kd007
    New Member
    September 7, 2018

    FortiGate by itself does not provide a good mechanism to do this; you need to look at a reverse proxy or the suggestions that Prab suggested.

    You can also look at IP filtering on the Exchange server. You can use IIS to filter ECP by the connecting IP address to prevent outside access to ECP while still allowing OWA. However you'll need to note that this breaks some of the OWA features that rely on ECP (I think enabling auto-reply from within OWA is one of these features that breaks, for instance).
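
The IIS IP filtering approach from the last reply, as an added example that is not part of the original thread: it sets the `/ecp` virtual directory to deny unlisted source addresses and leaves `/owa` untouched. The site name and the allowed ranges are assumptions (constructed sample values), and the script assumes the IIS "IP and Domain Restrictions" role feature is installed and that it is run elevated on the Exchange server.

```powershell
# Added example: restrict /ecp by source IP in IIS; /owa is not modified.
Import-Module WebAdministration

$site     = 'Default Web Site'    # assumption: name of the site hosting /owa and /ecp
$location = "$site/ecp"
$apphost  = 'MACHINE/WEBROOT/APPHOST'
$filter   = 'system.webServer/security/ipSecurity'

# Constructed sample allow-list: loopback plus one internal management subnet.
$allowed = @(
    @{ ipAddress = '127.0.0.1'; subnetMask = '255.255.255.255' },
    @{ ipAddress = '10.0.0.0';  subnetMask = '255.0.0.0' }
)

# Deny every client address that is not explicitly listed for /ecp.
Set-WebConfigurationProperty -PSPath $apphost -Location $location `
    -Filter $filter -Name 'allowUnlisted' -Value $false

# Add each allow entry once, so the script can be re-run safely.
$existing = @(Get-WebConfiguration -PSPath $apphost -Location $location -Filter "$filter/add")
foreach ($entry in $allowed) {
    $present = $existing | Where-Object {
        $_.ipAddress -eq $entry.ipAddress -and $_.subnetMask -eq $entry.subnetMask
    }
    if ($present) { continue }
    Add-WebConfigurationProperty -PSPath $apphost -Location $location `
        -Filter $filter -Name '.' -Value ($entry + @{ allowed = $true })
}

# Read the effective settings back for review.
Get-WebConfigurationProperty -PSPath $apphost -Location $location `
    -Filter $filter -Name 'allowUnlisted' | Select-Object Value
Get-WebConfiguration -PSPath $apphost -Location $location -Filter "$filter/add" |
    Select-Object ipAddress, subnetMask, allowed
```

After applying it, request `/owa` and `/ecp` from an address outside the allow-list to confirm that only `/ecp` is refused, and check the OWA features that depend on ECP, as the reply notes.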