publishing OWA, ActiveSync, Outlook Anywhere and AutoDiscover.

Alimov · ‎09-17-2014

Hello. Where can I find instructions for publishing OWA, ActiveSync, Outlook Anywhere and AutoDiscover. Myself, I was able to reach only certificates. I added on fortigate root certificate and certificate exchange. Next, I need to publish services. How do I do it. My device - fortigate 100d Firmware - v5.2.0, build0589 Exchange 2010 sp3

Alimov · ‎09-18-2014

I understand. Certificates and other stuff is unnecessary. Unlike TMG))). You just need to do portforwarding.

ejhardin · ‎09-28-2014

TMG and a FortiGate are not the same so yes just open the port. A FortiWeb is a true replacement for TMG.

Mark_Oakton · ‎11-20-2014

How does Fortiweb handle Outlook anywhere / RPC connections over HTTPS - I know some WAF's have issues with file attachments through email over rpc/https - anyone using Fortiweb for this successfully that can share feedback?

Infosec Partners

oliverlag · ‎05-15-2015

I'm very interested to this thread.

I've just tried a migration and I got a loooot of trouble with outlook activesync and different android devices.

anyone can help here?

thanks

DiNet · ‎05-18-2015

oliverlag wrote:
I'm very interested to this thread.
I've just tried a migration and I got a loooot of trouble with outlook activesync and different android devices.
anyone can help here?
thanks

You need to provide info and probably make your own thread for that.

In general there are absolutely no issues with specific OS devices. All you do is VIP with HTTPS service port 443 to your server.

The only issue client side would maybe be leftover certificate and androids needing "reconnect" to force new cert.

oliverlag · ‎05-20-2015

I'm retrying everything in my lab and doing a poc.

I will get back with a new thread in case.

thanks

GeekyTech · ‎05-27-2015

I'm in the same boat!

Exchange 2013 Single server setup

I've had Support setup the VIP, setup the profile and now when I go to the URL I get a HTTP 400 error i'll have support help later today will post anything they do. Really wish there was a guide, because not sure how you point the exchange server to it once its in place.

DiNet · ‎05-27-2015

evolutionxtinct wrote:
I'm in the same boat!

Exchange 2013 Single server setup

I've had Support setup the VIP, setup the profile and now when I go to the URL I get a HTTP 400 error i'll have support help later today will post anything they do. Really wish there was a guide, because not sure how you point the exchange server to it once its in place.

There's no guide because there absolutely nothing special about exchange. It is same port forwarding as in any other appliance or software and any other server. It's just port forward.

You go to objects, go to virtual ip, set your external IP, set your internal IP, select port forward, type 443. Go to policy and allow all to newly created ViP.

oliverlag · ‎05-27-2015

Hi guys.. there is a guide! I've asked to support and they gave me this not-public doc. There you go:

https://onedrive.live.com...&ithint=file%2cpdf

Despite the title looks great it does not show much new things.

I tested this thing yesterday and the problem are two:

1-FGT does not do http redirect.. so if you do https://mail.yourdomain.com it does not redirect to https://mail.yourdomain.com/owa for example (TMG does it)

2- TMG can accept authentication without the domain setup. So mobile devices like android / ios are already configured w/o domain. Once you migrate from TMG to FGT all those devices won't work anymore! They will say the password is wrong. Of course is not the password but it's the username. FGT claims the format DOMAIN\user instead of "user"

This is because TMG authenticate users before talking to Exchange (something that FGT can't do).