Forum Discussion

Keith_Fox_15580's avatar
Keith_Fox_15580
Icon for Nimbostratus rankNimbostratus
Nov 14, 2014

Block access to Activesync with f5.microsoft_exchange_2010_2013_cas.v1.3.0 iapp

Hello,

 

I am looking to block our external users from using active-sync via our F5 appliance after switching to using the F5 for external access and load balancing for our Exchange 2010 environment. We are using Airwatch for activesync and since installing the F5 for our external email access it now allowing users to access email on a IOS/Android device bypassing Airwatch security.

 

Thanks for any suggestions!

 

  • Hi Keith, you could create an iRule like this one and attach it to the virtual server using the iApp's advanced mode. Or, you could modify the pool assignment iRule created by the iApp, however that will require disabling strictness on the deployment.

    when HTTP_REQUEST {
        switch -glob -- [string tolower [HTTP::path]] {
            "/microsoft-server-activesync*" {
                drop
            }
        }
    }
    
  • mikeshimkus_111's avatar
    mikeshimkus_111
    Historic F5 Account

    Hi Keith, you could create an iRule like this one and attach it to the virtual server using the iApp's advanced mode. Or, you could modify the pool assignment iRule created by the iApp, however that will require disabling strictness on the deployment.

    when HTTP_REQUEST {
        switch -glob -- [string tolower [HTTP::path]] {
            "/microsoft-server-activesync*" {
                drop
            }
        }
    }
    
    • Keith_Fox_15580's avatar
      Keith_Fox_15580
      Icon for Nimbostratus rankNimbostratus
      This appears to be working perfectly, thanks for the quick response!
  • Hello,

     

    You can use : - ASM - LTM policies - irules

     

    to block access to /Microsoft-Server-ActiveSync url