I try to use the load balancing module as a reverse proxy.
My goal is to protect the OWA of my exchange.
So. When i create a virtual server for HTTP (any port) from my external ip to any internal web server using HTTP (real server) and also creating the necessary ipv4 policy, it works fine.
But, when i try to create a virtual server for HTTPS (any port) or HTTP (any port) from my external ip to my exchange server using HTTPS (real server) and also creating the necessary ipv4 policy, it doesn't work.
When trying from a browser the url https://mypublicip or https://mypublicip:port i get the certificate warning of the browser and when i hit continue i am receiving an error for empty response and when i try http://mypublicip or http://mypublicip:port i get connection refused or connection timed out at my browser.
Ideally i would like to configure https to https senario. I am a little bit confused about the certificates i have to use.
When Microsoft exchange server is installed a sef-signed certificate is created. Is this the certificate i have to use to the firewall also? (export from exchange server and import to firewall??)
Any ideas...???
Orestis Nikolaidis
Network Engineer/IT Administrator
You need VIP with perform destination NAT for Internet users. I don't see any value to use load balancing feature for one server.
Problem solved. I need to create a policy in which i overload the exchange to the vip i used for incomming traffic.
Orestis Nikolaidis
Network Engineer/IT Administrator
Hello Orani,
i know this is an old post, but can you help
we have the exact same problem as u did before, can you elaborate more how did you fix it ?
Thanks
Firstly, regarding the certificates, you can actually use the self-signed certificate created by Microsoft Exchange server. Just export it from the server and import it into your firewall. This will ensure a secure connection between your proxy service and the Exchange server. If you're still having problems after configuring the certificates correctly, double-check your virtual server and IPv4 policies. Make sure they're set up correctly for both HTTP and HTTPS. By the way, I wanted to mention a helpful resource called proxys.io. They have great insights and solutions for proxy services. You might find them useful for additional guidance.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.