Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

  1. Kemp Support
  2. Knowledge Base
  3. Content Delivery

Blocking access to ECP services on KEMP but still able to access it from external and internal

Updated

 

Information

 

Summary:

Blocking the access of ECP on KEMP, but traffic still hits the ECP SubVS even after disabling it.
Environment:

Product: LoadMaster

Version: Any

Platform: Any

Application: Exchange
Question/Problem Description:

As per Microsoft recommendations, along with implementing Cookie Filtering Microsoft mitigation recommendations include disabling ECP Services for access.
Steps to Reproduce:  
Error Message:  
Defect Number:  
Enhancement Number:  
Cause: Content rules are disabled when you disable and re-enable SSL Acceleration
Resolution:

When SSL Acceleration is disabled and re-enabled it disables content switching and rules are unassigned, causing Traffic hit all the SubVS based on the Scheduling method as there is no content rule to filter traffic on the SubVS level.

Enable Content Switching, assign the rules on SubVS and disable the ECP SubVS.

  • Virtual Services -> View/Modify Services -> Exchange HTTPS re-encrypted with ESP - Modify -> Advanced Properties -> Content Switching -> Enabled.
  • Virtual Services -> View/Modify Services -> Exchange 2019 HTTPS re-encrypted with ESP - Modify -> SubVSs -> Assign content rules -> ECP_2234 for ECP if using Exchange Template.
  • Virtual Services -> View/Modify Services -> Exchange 2019 HTTPS re-encrypted with ESP - Modify -> SubVSs -> Assign content rules -> OWA_2234 and ROOT_2234 for OWA if using Exchange Template.
Workaround:  
Notes: Disabling Exchange Services via LoadMaster

Comments

In this document