MS Exchange 2016
Contents
1 Introduction
The LoadMaster combines versatility with ease-of-use to speed deployment of the complete portfolio of advanced messaging applications and protocols used by Microsoft Exchange 2016 (Exchange 2016), including Outlook on the Web, MAPI/HTTP, Outlook Anywhere (OA), Exchange ActiveSync (EAS), Simple Mail Transfer Protocol (SMTP), Post Office Protocol version 3 (POP3), Internet Message Access Protocol version 4 (IMAP4) and Office Online Server (OOS). With built-in SSL acceleration and/or overlay, the LoadMaster offloads a key source of CPU drain to improve the capacity of the Exchange 2016 infrastructure. Layer 7 health checking at the LoadMaster ensures that if one of the client access components becomes inaccessible, the load balancer will take that component offline for that server, while automatically re-routing and reconnecting users to other functioning servers.
The entire LoadMaster product family, including the Virtual LoadMaster (VLM) supports Exchange 2016, and includes a comprehensive first year warranty and technical support agreement.
1.1 About This Manual
This manual addresses how to deploy and configure a LoadMaster appliance with Exchange 2016 using Progress Kemp application templates.
The LoadMaster family of products has various models to support networks of different throughput requirements. Information in this manual applies to all LoadMaster models.
1.2 Prerequisites
This guide assumes the reader is a network administrator or familiar with networking and general computer terminology. It is further assumed that the Exchange 2016 environment is set up and the LoadMaster is installed.
LoadMaster documentation is available at https://www.kemptechnologies.com/documentation.
At a minimum, you should have:
- Installed the Microsoft Servers, Active Directories, and followed other Microsoft requirements.
- Installed the LoadMaster on the same network as the servers.
- Established access to the LoadMaster Web User Interface (WUI).
2 Exchange 2016 Overview
Microsoft Exchange Server is a mail server, calendaring software, and contact manager. It is a server program that runs on Windows Server and is part of the Microsoft Servers line of products. The improvements made in Exchange 2016 have made it easier to load balance Exchange-related traffic.
Exchange 2016 includes the following solutions for switchover and failover redundancy:
High availability: Exchange 2016 uses Database Availability Groups (DAGs) to keep multiple copies of your mailboxes on different servers synchronized. That way, if a mailbox database fails on one server, users can connect to a synchronized copy of the database on another server.
Site resilience: You can deploy two Active Directory sites in separate geographic locations, keep the mailbox data synchronized between the two, and have one of the sites take on the entire load if the other fails.
Online mailbox moves: During an online mailbox move, email accounts are still accessible. Users are locked out for a brief period at the end of the process, when the final synchronization occurs. Online mailbox moves can be performed across forests or in the same forest.
Shadow redundancy: Shadow redundancy protects the availability and recoverability of messages while they are in transit. With shadow redundancy, the deletion of a message from the transport databases is delayed until the transport server verifies that all the next hops for that message have completed. If any of the next hops fail before reporting successful delivery, the message is resubmitted for delivery to the hop that did not complete.
2.1 Understanding Server Load Balancing
Server load balancing is a way to manage which servers receive traffic. Server load balancing provides failover redundancy to ensure users continue to receive service in case of failure. It also enables your deployment to handle more traffic than one server can process while offering a single host name for clients.
Server load balancing serves two primary purposes. It reduces the impact of server failures within an exchange organization. In addition, server load balancing ensures that the load on the CAS and transport services are optimally distributed.
As OWA is rendered on the same server that is hosting the user’s mailbox database; if a client hits a different CAS, there is no performance degradation because the session rendering for that user is already up and running.
Forms-based authentication is improved. The authentication cookie is provided to the user after logon and it is encrypted using the CAS’s SSL certificate. This allows a logged in user to resume their session on a different CAS without having to re-authenticate (if servers share the same SSL certificate).
2.2 Enable Subnet Originating Requests Globally
It is best practice to enable the Subnet Originating Requests option globally.
In a one-armed setup (where the Virtual Service and Real Servers are on the same network/subnet) Subnet Originating Requests is usually not needed. However, enabling Subnet Originating Requests should not affect the routing in a one-armed setup.
In a two-armed setup where the Virtual Service is on network/subnet A, for example, and the Real Servers are on network B, Subnet Originating Requests should be enabled on LoadMasters with firmware version 7.1-16 and above.
When Subnet Originating Requests is enabled, the Real Server sees traffic originating from 10.20.20.21 (LoadMaster eth1 address) and responds correctly in most scenarios.
With Subnet Originating Requests disabled, the Real Server sees traffic originating from 10.0.0.15 (LoadMaster Virtual Service address on eth0) and responds to eth0 which could cause asymmetric routing.
When Subnet Originating Requests is enabled globally, it is automatically enabled on all Virtual Services. If the Subnet Originating Requests option is disabled globally, you can choose whether to enable Subnet Originating Requests on a per-Virtual Service basis.
To enable Subnet Originating Requests globally, follow the steps below:
1. In the main menu of the LoadMaster User Interface (UI), go to System Configuration > Miscellaneous Options > Network Options.
2. Select the Subnet Originating Requests check box.
2.3 100-Continue Handling
To avoid issues with Exchange Web Services, especially in hybrid configuration, configure 100-continue handling to comply with RFC-7231 instead of the standard setting of RFC-2616.
To resolve this issue, apply the following setting on the LoadMaster.
100-Continue handling = RFC-7231 Complaint
1. To select RFC-7231 Compliant globally, follow the steps below:
a) In the main menu of the LoadMaster WUI, go to System Configuration > Miscellaneous Options > L7 Configuration.
b) Select RFC-7231 Complaint under 100-Continue Handling.
2.4 Additional L7 Header
When using the built-in Mail client on Mac, you may experience connectivity issues. This happens due to how the Mail client on Mac handles Persistent-Auth headers from the Exchange server. This behavior is not present on Outlook for Mac clients or any Windows Office clients.
To resolve this issue, apply the following settings on the LoadMaster.
Additional L7 Header = None
To select None for Additional L7 Header globally, follow the steps below:
1. In the main menu of the LoadMaster WUI, go to System Configuration > Miscellaneous Options > L7 Configuration.
2. Select None under Additional L7 Header.
3 Virtual Service Templates
Progress Kemp has developed templates containing our recommended settings for Exchange 2016. These templates can be installed on the LoadMaster and can be used when creating each of the Virtual Services. Using a template automatically populates the settings in the Virtual Services. This is quicker and easier than manually configuring each Virtual Service. If needed, you can make changes to any of the Virtual Service settings after using the templates.
Download released templates from the following page: LoadMaster Templates.
For more information and steps on how to import and use templates, refer to the Virtual Services and Templates, Feature Description.
This guide outlines the steps for setting up Virtual Services using Progress Kemp Application Templates. The Exchange 2016 templates currently available are grouped in three downloadable files as follows:
- Exchange2016Core
- This file contains templates for non-SSL offloaded HTTPS, SSL offloaded HTTPS, and SMTP Virtual Services.
- This is the primary set of services required to balance Exchange 2016.
- Exchange2016ESP
- This set contains individual templates for a HTTPS service with SSL offloading and an SMTP service, both with ESP enabled.
- These services are only necessary if you want to use ESP functionality.
- Exchange2016Additional
- This set contains templates for IMAP, POP, and SMTP services, including variants for STARTTLS and SSL secured services.
4 Configuring Virtual Services for Exchange 2016
Follow the instructions below to set up an Exchange Virtual Services using application templates. To configure the Virtual Services using the Application Programming Interface (API), refer to the RESTful API on the Documentation page.
The <b>Exchange 2016 Virtual Service Recommended API Settings (Optional)</b> section outlines the recommended settings and values. You can use the API parameters and values when using the LoadMaster API and automation tools.
When using the Web Application Firewall (WAF) in a Microsoft Exchange environment, ensure to enable WAF at the SubVS level to avoid issues with ActiveSync because standard WAF is unable to interpret the protocols used by ActiveSync.
4.1 HTTPS Offloaded Virtual Service or Reencrypted without ESP Virtual Service
The steps are the same when using Exchange HTTPS Offloaded and Exchange HTTPS Reencrypted with ESP application templates. To add the Virtual Services for Exchange HTTPS Offloaded or Exchange HTTPS Reencrypted, using the template, follow the steps below:
1. Click Virtual Services.
2. Click Add New.
3. Enter a Virtual Address.
4. Select the Exchange 2016 HTTPS Offloaded or the Exchange 2016 HTTPS ReEncrypted template from the Use Template drop-down list depending on your preference.
5. Click Add This Virtual Service.
4.1.1 Add SSL/TLS Certificate
This guide assumes an SSL/TLS certificate is imported into the LoadMaster. For more information and steps for SSL/TLS configuration, refer to the SSL Accelerated Services Feature Description on the Documentation page.
1. Click View/Modify Services in the left-hand navigation.
2. Click Modify for the Exchange 2016 HTTPS Offloaded Virtual Service on port 443 (or Exchange 2016 HTTPS Reencrypted if that was selected during the creation)
3. Expand SSL Properties (Acceleration Enabled).
4. Select the certificate to use in the Available Certificates and click the “arrow” > to move it to Assigned Certificates.
5. Click Set Certificate.
The Reencrypt check box is selected when using the Exchange 2016 HTTPS Reencrypted with ESP template.
Add the Real Servers
a) Click View/Modify Services in the left-hand navigation.
b) Click Modify for the Exchange 2016 HTTPS Offloaded Virtual Service on port 443 (or the Exchange 2016 HTTPS Reencrypted if that was selected during the creation).
c) Expand the SubVSs section.
d) Click Modify for Exchange 2016 HTTPS Offloaded - ActiveSync (or the Exchange 2016 HTTPS Reencrypted - ActiveSync if that was selected during the creation).
e) Expand the Real Servers section.
f) Click Add New.
g) For the Real Server Address, enter the IP Address for one of the Exchange Servers.
h) Select the Add to all SubVSs check box.
i) Click Add This Real Server.
j) Add additional Real Servers using the Add to all SubVSs check box.
The Authentication Proxy SubVS should not have a Real Server unless Kerberos Constrained Delegation (KCD) is in use.
4.2 HTTPS Offloaded and Reencrypted with ESP
The steps are the same when using Exchange HTTPS Offloaded and Exchange HTTPS Reencrypted with ESP application template. To add the Virtual Services for Exchange HTTPS Offloaded or Exchange HTTPS Reencrypted with ESP using the template, follow the steps below:
1. Click Virtual Services.
2. Click Add New.
3. Enter a Virtual Address.
4. Select the Exchange 2016 HTTPS Offloaded with ESP or the Exchange 2016 HTTPS ReEncrypted with ESP template from the Use Template drop-down list depending on your preference.
5. Click Add This Virtual Service.
4.2.1 Add SSL/TLS Certificate
This guide assumes an SSL/TLS certificate is imported into the LoadMaster. For more information and steps for SSL/TLS configuration, reference the SSL Accelerated Services Feature Guide on the Documentation page.
1. Click the View/Modify Services in the left-hand navigation.
2. Click Modify for the Exchange 2016 HTTPS Offloaded with ESP Virtual Service on port 443 (or Exchange 2016 HTTPS Reencrypted with ESP if that was selected during the creation)
3. Expand SSL Properties (Acceleration Enabled).
4. Select the certificate to use in the Available Certificates and click the “arrow” > to move it to Assigned Certificates.
5. Click Set Certificate.
The Reencrypt check box is selected when using the Exchange 2016 HTTPS Reencrypted with ESP template.
Add the Real Servers
a) Click View/Modify Services in the left-hand navigation.
b) Click Modify for the Exchange 2016 HTTPS Offloaded with ESP Virtual Service on port 443 (or the Exchange 2016 HTTPS Reencrypted with ESP if that was selected during the creation).
c) Expand the SubVSs section.
d) Click Modify for Exchange 2016 HTTPS Offloaded with ESP - Authentication Proxy (or the Exchange 2016 HTTPS Reencrypted with ESP - Authentication Proxy if that was selected during the creation).
e) Expand the Real Servers section.
f) Click Add New.
g) For the Real Server Address, enter the IP Address for one of the Exchange Servers.
h) Select the Add to all SubVSs check box.
i) Click Add This Real Server.
j) Add additional Real Servers using the Add to all SubVSs check box.
4.2.2 Configure ESP
This guide assumes an SSO Domain is configured on the LoadMaster. For more information and steps for setting up an SSO Domain, refer to the Edge Security Pack (ESP) Feature Guide on the Documentation page.
1. Click View/Modify Services in the left-hand navigation.
2. Click Modify for the Exchange 2016 HTTPS Offloaded with ESP Virtual Service on port 443 (or the Exchange 2016 HTTPS Reencrypted with ESP if that was selected during the creation).
3. Expand the SubVSs section.
4. For each SubVS the following fields must be configured. Click the set button next to each field entered.
| SubVS Name | Pre-Authorization Excluded Directories | Allowed Virtual Hosts | Logoff String | User Password Form |
| Authentication Proxy | n/a | Required | n/a | n/a |
| ActiveSync | n/a | Required | n/a | n/a |
| API | n/a | n/a | n/a | n/a |
| Autodiscover | n/a | Required | n/a | n/a |
| ECP | n/a | Required | n/a | n/a |
| EWS | n/a | Required | n/a | n/a |
| MAPI | n/a | Required | n/a | n/a |
| OAB | n/a | Required | n/a | n/a |
| OWA | /owa/<guid@smtpdomain>*1 | Required | /owa/logoff.owa | https://<Exchange URL> /owa/auth/expiredpassword.aspx?url=/owa/auth.owa |
| PowerShell | n/a | Required | n/a | n/a |
| RPC | n/a | Required | n/a | n/a |
1GUID is unique to each Exchange deployment. To find the correct GUID, run the following command on the Exchange Server:
Get-Mailbox -Arbitration | where {$_.PersistedCapabilities -like “OrganizationCapabilityClientExtensions”} | fl exchangeGUID, primarysmtpaddress
The Logoff String must be set to /owa/logoff.owa in the OWA SubVS. In a customized environment, if the OWA logoff string has been changed, the modified logoff string must be entered in the Logoff String text box.
The SSO Greeting Message field accepts HTML code, so the users can insert their own image if desired. The grave accent character ( ` ) is not supported. If this character is entered in the SSO Greeting Message, the character will not display in the output, for example, a`b`c becomes abc.
4.3 HTTPS Pass-through Virtual Service
To add the Virtual Services for Exchange HTTPS Pass-through using the template, follow the steps below:
1. Click Virtual Services.
2. Click Add New.
3. Enter a Virtual Address.
4. Select the Exchange 2016 HTTPS pass-through template from the Use Template drop-down list depending on your preference.
5. Click Add This Virtual Service.
6. Expand the Real Servers section.
7. Click Add New.
8. For the Real Server Address, enter the IP Address for one of the Exchange Servers.
9. Click Add this Real Server.
10. Add any additional Real Servers as required.
4.4 IMAP and IMAPS Virtual Service
The steps are the same when using Exchange IMAP and Exchange IMAPS application templates. To add the Virtual Services for Exchange IMAP and Exchange IMAPS using the template, follow the steps below:
1. Click Virtual Services.
2. Click Add New.
3. Enter a Virtual Address.
4. Select the Exchange 2016 IMAP or the Exchange 2016 IMAPS template from the Use Template drop-down list depending on your preference.
5. Click Add This Virtual Service.
6. Expand the Real Servers section.
7. Click Add New.
8. For Real Server Address, enter the IP Address for one of the Exchange Servers.
9. Click Add this Real Server.
10. Add any additional Real Servers as required.
4.5 IMAPS Offloaded and IMAP with STARTTLS Virtual Service
The steps are the same when using Exchange IMAPS Offloaded and Exchange IMAP with STARTTLS application templates. To add the Virtual Services for Exchange IMAPS Offloaded and Exchange IMAP with STARTTLS using the template, follow the steps below:
1. Click Virtual Services.
2. Click Add New.
3. Enter a Virtual Address.
4. Select the Exchange 2016 IMAP or the Exchange 2016 IMAPS template from the Use Template drop-down list depending on your preference.
5. Click Add This Virtual Service.
6. Expand SSL Properties (Acceleration Enabled).
7. Select the certificate to use in the Available Certificates and click the “arrow” > to move it to Assigned Certificates.
8. Click Set Certificate.
9. Expand the Real Servers section.
10. Click Add New.
11. For Real Server Address, enter the IP Address for one of the Exchange Servers.
Ensure port 143 is entered in the Port field.
12. Click Add this Real Server.
13. Add any additional Real Servers as required.
4.6 POP and POPS Virtual Service
The steps are the same when using Exchange POP and Exchange POPS application templates. To add the Virtual Services for Exchange POP and Exchange POPS using the template, follow the steps below:
1. Click Virtual Services.
2. Click Add New.
3. Enter a Virtual Address.
4. Select the Exchange 2016 POP or the Exchange 2016 POPS template from the Use Template drop-down list depending on your preference.
5. Click Add This Virtual Service.
6. Expand the Real Servers section.
7. Click Add New.
8. For the Real Server Address, enter the IP Address for one of the Exchange Servers.
9. Click Add this Real Server.
10. Add any additional Real Servers as required.
4.7 POPS Offloaded and POP with STARTTLS Virtual Service
The steps are the same when using Exchange IMAPS Offloaded and Exchange IMAP with STARTTLS application templates. To add the Virtual Services for Exchange IMAPS Offloaded and Exchange IMAP with STARTTLS using the template, follow the steps below:
1. Click Virtual Services.
2. Click Add New.
3. Enter a Virtual Address.
4. Select the Exchange 2016 IMAP or the Exchange 2016 IMAPS template from the Use Template drop-down list depending on your preference.
5. Click Add This Virtual Service.
6. Expand SSL Properties (Acceleration Enabled).
7. Select the certificate to use in the Available Certificates and click the “arrow” > to move it to Assigned Certificates.
8. Click Set Certificate.
9. Expand the Real Servers section.
10. Click Add New.
11. For the Real Server Address, enter the IP Address for one of the Exchange Servers.
Ensure port 110 is entered in the Port field.
12. Click Add this Real Server.
13. Add any additional Real Servers as required.
4.8 SMTP and SMTPS Virtual Service
The steps are the same when using Exchange SMTP and Exchange SMTPS application templates. To add the Virtual Services for Exchange SMTP and Exchange SMTPS using the template, follow the steps below:
1. Click Virtual Services.
2. Click Add New.
3. Enter a Virtual Address.
4. Select the Exchange 2016 SMTP or the Exchange 2016 SMTPS template from the Use Template drop-down list depending on your preference.
5. Click Add This Virtual Service.
6. Expand the Real Servers section.
7. Click Add New.
8. For the Real Server Address, enter the IP Address for one of the Exchange Servers.
9. Click Add this Real Server.
10. Add any additional Real Servers as required.
4.9 SMTPS Offloaded and SMTP with STARTTLS Virtual Service
The steps are the same when using Exchange SMTPS Offloaded and Exchange SMTP with STARTTLS application templates. To add the Virtual Services for Exchange SMTPS Offloaded and Exchange SMTP with STARTTLS using the template, follow the steps below:
1. Click the Add New button.
2. Enter a Virtual Address.
3. Select the Exchange 2016 SMTP or the Exchange 2016 SMTPS template from the Use Template drop-down list depending on your preference.
4. Click Add This Virtual Service.
5. Expand SSL Properties (Acceleration Enabled).
6. Select the certificate to use in the Available Certificates and click the “arrow” > to move it to Assigned Certificates.
7. Click Set Certificate.
8. Expand the Real Servers section.
9. Click Add New.
10. For the Real Server Address, enter the IP Address for one of the Exchange Servers.
Ensure port 25 is entered in the Port field.
11. Click Add this Real Server.
12. Add any additional Real Servers as required.
SMTPS can be configured as offloaded as outlined above but cannot be set to Reencrypt.
4.10 SMTP with ESP Virtual Service
To add the Virtual Services for Exchange 2016 SMTP with ESP using the template, follow the steps below:
1. Click the Add New button.
2. Enter a Virtual Address.
3. Select the Exchange 2016 SMTP with ESP template from the Use Template drop-down list depending on your preference.
4. Click Add This Virtual Service.
5. Expand ESP Options.
6. Enter the Permitted SMTP Domain for the Organization and click Set Permitted Domains.
7. Expand the Real Servers section.
8. Click Add New.
9. For the Real Server Address, enter the IP Address for one of the Office Online Servers.
10. Click Add this Real Server.
11. Add any additional Real Servers as necessary.
4.11 Office Online Server Virtual Service
To add the Virtual Services for Office Online Server using the template, follow the steps below:
1. Click the Add New button.
2. Enter a Virtual Address.
3. Select the Exchange 2016 Office Online Server template from the Use Template drop-down list depending on your preference.
4. Click Add This Virtual Service.
5. Expand SSL Properties (Acceleration Enabled).
6. Select the certificate to use in the Available Certificates and click the “arrow” > to move it to Assigned Certificates.
7. Click Set Certificate.
8. Expand the Real Servers section.
9. Click Add New.
10. For the Real Server Address, enter the IP Address for one of the Office Online Servers.
11. Click Add this Real Server.
12. Add any additional Real Servers as required.
5 Exchange 2016 Virtual Service Recommended Settings (Optional)
These tables outline the recommended settings using the Progress Kemp application template. You can use these settings with scripts and automation tools.
5.1 Exchange 2016 HTTP Virtual Service Recommended Settings (Optional)
|
API Parameter |
API Value |
WUI Field Name |
WUI Field Value |
Use with Template |
|---|---|---|---|---|
|
HTTP Redirect |
||||
|
port |
80 |
Port |
80 |
All |
|
prot |
tcp |
Protocol |
tcp |
All |
|
nickname |
Exchange%20Redirect |
Service Name (Optional) |
Exchange Redirect |
All |
|
ForceL7 |
1 |
Force L4 |
Disabled |
All |
|
Errorcode |
302 |
Error Code |
302 Found |
All |
|
ErrorUrl |
https:%5C%2F%5C%2F%25h%25s |
Redirect URL |
https:\/\/%h%s |
All |
|
CheckType |
none |
Real Server Check Method |
None |
|
|
Content Rules |
||||
|
Authentication Proxy |
||||
|
name |
Authentication_Proxy |
Rule Name |
Authentication Proxy |
ESP Enabled |
|
matchtype |
Regex |
Match Type |
Regular Expression |
ESP Enabled |
|
pattern |
%2F%5E%5C%2Flm_auth_proxy%2A%24%2F |
Match String |
/^\/lm_auth_proxy*$/ |
ESP Enabled |
|
Nocase |
1 |
Ignore Case |
Enabled |
ESP Enabled |
|
ActiveSync |
||||
|
Name |
ActiveSync |
Rule Name |
ActiveSync |
All |
|
matchtype |
Regex |
Match Type |
Regular Expression |
All |
|
pattern |
%2F%5E%5C%2Fmicrosoft-server-activesync.%2A%2F |
Match String |
/^\/microsoft-server-activesync.*/ |
All |
|
Nocase |
1 |
Ignore Case |
Enabled |
All |
|
Autodiscover |
||||
|
name |
Autodiscover |
Rule Name |
Autodiscover |
All |
|
matchtype |
Regex |
Match Type |
Regular Expression |
All |
|
pattern |
%2F%5E%5C%2Fautodiscover.%2A%2F |
Match String |
/^\/autodiscover.*/ |
All |
|
Nocase |
1 |
Ignore Case |
Enabled |
All |
| API | ||||
|
name |
api |
Rule Name |
api |
All |
|
matchtype |
Regex |
Match Type |
Regular Expression |
All |
|
pattern |
%2F%5E%5C%2Fapi.%2A%2F |
Match String |
/^\/api.*/ |
All |
|
Nocase |
1 |
Ignore Case |
Enabled |
All |
|
ECP |
||||
|
name |
ECP |
Rule Name |
ECP |
All |
|
matchtype |
Regex |
Match Type |
Regular Expression |
All |
|
Pattern |
%2F%5E%5C%2Fecp.%2A%2F |
Match String |
/^\/ecp.*/ |
All |
|
Nocase |
1 |
Ignore Case |
Enabled |
All |
|
EWS |
||||
|
name |
EWS |
Rule Name |
EWS |
All |
|
matchtype |
Regex |
Match Type |
Regular Expression |
All |
|
Pattern |
%2F%5E%5C%2Fews.%2A%2F |
Match String |
/^\/ews.*/ |
All |
|
Nocase |
1 |
Ignore Case |
Enabled |
All |
|
MAPI |
||||
|
name |
MAPI |
Rule Name |
MAPI |
All |
|
matchtype |
Regex |
Match Type |
Regular Expression |
All |
|
Pattern |
%2F%5E%5C%2Fmapi.%2A%2F |
Match String |
/^\/mapi.*/ |
All |
|
Nocase |
1 |
Ignore Case |
Enabled |
All |
|
OAB |
||||
|
name |
OAB |
Rule Name |
OAB |
All |
|
matchtype |
Regex |
Match Type |
Regular Expression |
All |
|
Pattern |
%2F%5E%5C%2Foab.%2A%2F |
Match String |
/^\/oab.*/ |
All |
|
Nocase |
1 |
Ignore Case |
Enabled |
All |
|
OWA |
||||
|
name |
OWA |
Rule Name |
OWA |
All |
|
matchtype |
Regex |
Match Type |
Regular Expression |
All |
|
Patterns |
%2F%5E%5C%2Fowa.%2A%2F |
Match String |
/^\/owa.*/ |
All |
|
Nocase |
1 |
Ignore Case |
Enabled |
All |
|
PowerShell |
||||
|
name |
powershell |
Rule Name |
powershell |
All |
|
matchtype |
Regex |
Match Type |
Regular Expression |
All |
|
Pattern |
%2F%5E%5C%2Fpowershell.%2A%2F |
Match String |
/^\/powershell.*/ |
All |
|
Nocase |
1 |
Ignore Case |
Enabled |
All |
|
RPC |
||||
|
name |
RPC |
Rule Name |
RPC |
All |
|
matchtype |
Regex |
Match Type |
Regular Expression |
All |
|
Pattern |
%2F%5E%5C%2Frpc.%2A%2F |
Match String |
/^\/rpc.*/ |
All |
|
Nocase |
1 |
Ignore Case |
Enabled |
All |
|
Main Virtual Service |
||||
|
port |
443 |
Port |
443 |
All |
|
prot |
tcp |
Protocol |
tcp |
All |
|
VStype |
http |
Service Type |
http |
All |
|
nickname |
Exchange%20HTTPS%20 Offloaded |
Service Name (Optional) |
HTTP-HTTP/2-HTTPS |
Create Unique Name |
|
ForceL7 |
1 |
Force L4 |
Disabled |
All |
|
Transparent |
0 |
Transparency |
Disabled |
All |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
All |
|
SSLAcceleration |
1 |
SSL Acceleration |
Enabled |
All |
|
SSLReencrypt |
0 or 1 |
Reencrypt |
Disabled or Enabled |
0 for Offload 1 for Reencrypt |
|
TLSType |
1 |
Supported Protocols |
TLS1.0, TLS1.1, TLS1.2, and TLS1.3 (Enabled) |
All |
|
CipherSet |
BestPractices |
Cipher Set |
BestPractices |
All |
|
Tls13CipherSet |
TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_GCM_SHA256, TLS_AES_128_CCM_8_SHA256, TLS_AES_128_CCM_SHA256 |
TLS1.3 Ciphersets |
TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_GCM_SHA256, TLS_AES_128_CCM_8_SHA256, and TLS_AES_128_CCM_SHA256 |
All |
|
PersistTls13CipherSet |
None |
Persistence Options |
None |
All |
|
Schedule |
lc |
Scheduling Method |
least connection |
All |
|
Idletime |
1800 |
Idle Connection Timeout |
1800 |
All |
|
Sub Virtual Service |
||||
|
Authentication Proxy |
||||
|
port |
443 |
Port |
443 |
ESP Enabled |
|
prot |
tcp |
Protocol |
tcp |
ESP Enabled |
|
Nickname |
Authentication%20Proxy |
Service Name (Optional) |
Authentication Proxy |
ESP Enabled |
|
Errorcode |
503 |
Error Code |
503 Service Unavailable |
ESP Enabled |
|
ErrorUrl |
Endpoint%20not%20available |
Redirection URL |
Endpoint not available |
ESP Enabled |
|
CheckType |
None |
Real Server Check Method |
None |
ESP Enabled |
|
EspEnabled |
1 |
Enable ESP |
Enabled |
ESP Enabled |
|
ESPLogs |
7 |
ESP Logging |
User Access, Security, and Connection (Enabled) |
ESP Enabled |
|
InputAuthMode |
2 |
Client Authentication Mode |
Form Based |
ESP Enabled |
|
OutputAuthMode |
2 |
Server Authentication Mode |
Form Based |
ESP Enabled |
|
AllowedHosts |
Mail.example.com%20autodiscover.example.com |
Allowed Virtual Hosts |
Mail.example.com autodiscover.example.com |
ESP Enabled |
|
AllowedDirectories |
%2F%2A |
Allowed Virtual Directories |
/* |
ESP Enabled |
|
SingleSignOnMessage |
Please%20enter%20your%20Exchange%20credentials |
SSO Greeting Message |
Please enter your Exchange credentials |
ESP Enabled |
|
ActiveSync |
||||
|
port |
443 |
Port |
443 |
All |
|
prot |
tcp |
Protocol |
tcp |
All |
|
Nickname |
ActiveSync |
Service Name (Optional) |
ActiveSync |
All |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
All |
|
Persist |
None |
Persistence Options |
None |
All |
|
Schedule |
lc |
Scheduling Method |
least connection |
All |
|
Idletime |
1800 |
Idle Connection Timeout |
1800 |
All |
|
CheckPort |
443 |
Checked Port |
443 |
All |
|
CheckType |
https |
Real Server Check Method |
HTTPS Protocol |
All |
|
CheckUrl |
%2Fmicrosoft-server-activesync%2Fhealthcheck.htm |
URL |
/microsoft-server-activesync/healthcheck.htm |
All |
|
CheckUse1.1 |
0 |
Use HTTP/1.1 |
Disabled |
All |
|
CheckUseGet |
1 |
HTTP Method |
GET |
All |
|
EspEnabled |
1 |
Enable ESP |
Enabled |
ESP Enabled |
|
ESPLogs |
7 |
ESP Logging |
User Access, Security and Connection (Enabled) |
ESP Enabled |
|
InputAuthMode |
1 |
Client Authentication Mode |
Basic Authentication |
ESP Enabled |
|
OutputAuthMode |
1 |
Server Authentication Mode |
Basic Authentication |
ESP Enabled |
|
AllowedHosts |
Mail.example.com%20autodiscover.example.com |
Allowed Virtual Hosts |
Mail.example.com autodiscover.example.com |
ESP Enabled |
|
AllowedDirectories |
%2Fmicrosoft-server-activesync%2A |
Allowed Virtual Directories |
/microsoft-server-activesync* |
ESP Enabled |
| API | ||||
|
port |
443 |
Port |
443 |
All |
|
prot |
tcp |
Protocol |
tcp |
All |
|
Nickname |
API |
Service Name (Optional) |
API |
All |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
All |
|
Persist |
None |
Persistence Options |
None |
All |
|
Schedule |
lc |
Scheduling Method |
least connection |
All |
|
Idletime |
1800 |
Idle Connection Timeout |
1800 |
All |
|
CheckPort |
443 |
Checked Port |
443 |
All |
|
CheckType |
https |
Real Server Check Method |
HTTPS Protocol |
All |
|
CheckUrl |
%2Fapi%2Fhealthcheck.htm |
URL |
/api/healthcheck.htm |
All |
|
CheckUse1.1 |
0 |
Use HTTP/1.1 |
Disabled |
All |
|
CheckUseGet |
1 |
HTTP Method |
GET |
All |
|
EspEnabled |
0 |
Enable ESP |
Enabled |
All |
|
Autodiscover |
||||
|
port |
443 |
Port |
443 |
All |
|
prot |
tcp |
Protocol |
tcp |
All |
|
Nickname |
Autodiscover |
Service Name (Optional) |
Autodiscover |
All |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
All |
|
Persist |
None |
Persistence Options |
None |
All |
|
Schedule |
lc |
Scheduling Method |
least connection |
All |
|
Idletime |
1800 |
Idle Connection Timeout |
1800 |
All |
|
CheckPort |
443 |
Checked Port |
443 |
All |
|
CheckType |
https |
Real Server Check Method |
HTTPS Protocol |
All |
|
CheckUrl |
%2Fautodiscover%2Fhealthcheck.htm |
URL |
/autodiscover/healthcheck.htm |
All |
|
CheckUse1.1 |
0 |
Use HTTP/1.1 |
Disabled |
All |
|
CheckUseGet |
1 |
HTTP Method |
GET |
All |
|
EspEnabled |
1 |
Enable ESP |
Enabled |
ESP Enabled |
|
ESPLogs |
7 |
ESP Logging |
User Access, Security and Connection (Enabled) |
ESP Enabled |
|
InputAuthMode |
0 |
Client Authentication Mode |
Delegate to Server |
ESP Enabled |
|
OutputAuthMode |
0 |
Server Authentication Mode |
None |
ESP Enabled |
|
AllowedHosts |
Mail.example.com%20autodiscover.example.com |
Allowed Virtual Hosts |
Mail.example.com autodiscover.example.com |
ESP Enabled |
|
AllowedDirectories |
%2Fautodiscover%2A |
Allowed Virtual Directories |
/autodiscover* |
ESP Enabled |
|
ECP |
||||
|
port |
443 |
Port |
443 |
All |
|
prot |
tcp |
Protocol |
tcp |
All |
|
Nickname |
ECP |
Service Name (Optional) |
ECP |
All |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
All |
|
Persist |
None |
Persistence Options |
None |
All |
|
Schedule |
lc |
Scheduling Method |
least connection |
All |
|
Idletime |
1800 |
Idle Connection Timeout |
1800 |
All |
|
CheckPort |
443 |
Checked Port |
443 |
All |
|
CheckType |
https |
Real Server Check Method |
HTTPS Protocol |
All |
|
CheckUrl |
%2Fecp%2Fhealthcheck.htm |
URL |
/ecp/healthcheck.htm |
All |
|
CheckUse1.1 |
0 |
Use HTTP/1.1 |
Disabled |
All |
|
CheckUseGet |
1 |
HTTP Method |
GET |
All |
|
EspEnabled |
1 |
Enable ESP |
Enabled |
ESP Enabled |
|
ESPLogs |
7 |
ESP Logging |
User Access, Security and Connection (Enabled) |
ESP Enabled |
|
InputAuthMode |
2 |
Client Authentication Mode |
Form Based |
ESP Enabled |
|
OutputAuthMode |
2 |
Server Authentication Mode |
Form Based |
ESP Enabled |
|
AllowedHosts |
Mail.example.com%20autodiscover.example.com |
Allowed Virtual Hosts |
Mail.example.com autodiscover.example.com |
ESP Enabled |
|
AllowedDirectories |
%2Fecp%2A |
Allowed Virtual Directories |
/ecp* |
ESP Enabled |
|
SingleSignOnMessage |
Please%20enter%20your%20Exchange%20credentials |
SSO Greeting Message |
Please enter your Exchange credentials |
ESP Enabled |
|
EWS |
||||
|
port |
443 |
Port |
443 |
All |
|
prot |
tcp |
Protocol |
tcp |
All |
|
Nickname |
EWS |
Service Name (Optional) |
EWS |
All |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
All |
|
Persist |
None |
Persistence Options |
None |
All |
|
Schedule |
lc |
Scheduling Method |
least connection |
All |
|
Idletime |
1800 |
Idle Connection Timeout |
1800 |
All |
|
CheckPort |
443 |
Checked Port |
443 |
All |
|
CheckType |
https |
Real Server Check Method |
HTTPS Protocol |
All |
|
CheckUrl |
%2Fews%2Fhealthcheck.htm |
URL |
/ews/healthcheck.htm |
All |
|
CheckUse1.1 |
0 |
Use HTTP/1.1 |
Disabled |
All |
|
CheckUseGet |
1 |
HTTP Method |
GET |
All |
|
EspEnabled |
1 |
Enable ESP |
Enabled |
ESP Enabled |
|
ESPLogs |
7 |
ESP Logging |
User Access, Security and Connection (Enabled) |
ESP Enabled |
|
InputAuthMode |
0 |
Client Authentication Mode |
Delegate to Server |
ESP Enabled |
|
OutputAuthMode |
0 |
Server Authentication Mode |
None |
ESP Enabled |
|
AllowedHosts |
Mail.example.com%20autodiscover.example.com |
Allowed Virtual Hosts |
Mail.example.com autodiscover.example.com |
ESP Enabled |
|
AllowedDirectories |
%2Fews%2A |
Allowed Virtual Directories |
/ews* |
ESP Enabled |
|
MAPI |
||||
|
port |
443 |
Port |
443 |
All |
|
prot |
tcp |
Protocol |
tcp |
All |
|
Nickname |
MAPI |
Service Name (Optional) |
MAPI |
All |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
All |
|
Persist |
None |
Persistence Options |
None |
All |
|
Schedule |
lc |
Scheduling Method |
least connection |
All |
|
Idletime |
1800 |
Idle Connection Timeout |
1800 |
All |
|
CheckPort |
443 |
Checked Port |
443 |
All |
|
CheckType |
https |
Real Server Check Method |
HTTPS Protocol |
All |
|
CheckUrl |
%2Fmapi%2Fhealthcheck.htm |
URL |
/mapi/healthcheck.htm |
All |
|
CheckUse1.1 |
0 |
Use HTTP/1.1 |
Disabled |
All |
|
CheckUseGet |
1 |
HTTP Method |
GET |
All |
|
EspEnabled |
1 |
Enable ESP |
Enabled |
ESP Enabled |
|
ESPLogs |
7 |
ESP Logging |
User Access, Security and Connection (Enabled) |
ESP Enabled |
|
InputAuthMode |
0 |
Client Authentication Mode |
Delegate to Server |
ESP Enabled |
|
OutputAuthMode |
0 |
Server Authentication Mode |
None |
ESP Enabled |
|
AllowedHosts |
Mail.example.com%20autodiscover.example.com |
Allowed Virtual Hosts |
Mail.example.com autodiscover.example.com |
ESP Enabled |
|
AllowedDirectories |
%2Fmapi%2A |
Allowed Virtual Directories |
/mapi* |
ESP Enabled |
|
OAB |
||||
|
port |
443 |
Port |
443 |
All |
|
prot |
tcp |
Protocol |
tcp |
All |
|
Nickname |
OAB |
Service Name (Optional) |
OAB |
All |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
All |
|
Persist |
None |
Persistence Options |
None |
All |
|
Schedule |
lc |
Scheduling Method |
least connection |
All |
|
Idletime |
1800 |
Idle Connection Timeout |
1800 |
All |
|
CheckPort |
443 |
Checked Port |
443 |
All |
|
CheckType |
https |
Real Server Check Method |
HTTPS Protocol |
All |
|
CheckUrl |
%2Foab%2Fhealthcheck.htm |
URL |
/oab/healthcheck.htm |
All |
|
CheckUse1.1 |
0 |
Use HTTP/1.1 |
Disabled |
All |
|
CheckUseGet |
1 |
HTTP Method |
GET |
All |
|
EspEnabled |
1 |
Enable ESP |
Enabled |
ESP Enabled |
|
ESPLogs |
7 |
ESP Logging |
User Access, Security and Connection (Enabled) |
ESP Enabled |
|
InputAuthMode |
0 |
Client Authentication Mode |
Delegate to Server |
ESP Enabled |
|
OutputAuthMode |
0 |
Server Authentication Mode |
None |
ESP Enabled |
|
AllowedHosts |
Mail.example.com%20autodiscover.example.com |
Allowed Virtual Hosts |
Mail.example.com autodiscover.example.com |
ESP Enabled |
|
AllowedDirectories |
%2Foab%2A |
Allowed Virtual Directories |
/oab* |
ESP Enabled |
|
OWA |
||||
|
port |
443 |
Port |
443 |
All |
|
prot |
tcp |
Protocol |
tcp |
All |
|
Nickname |
OWA |
Service Name (Optional) |
ECP |
All |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
All |
|
Persist |
None |
Persistence Options |
None |
All |
|
Schedule |
lc |
Scheduling Method |
least connection |
All |
|
Idletime |
1800 |
Idle Connection Timeout |
1800 |
All |
|
CheckPort |
443 |
Checked Port |
443 |
All |
|
CheckType |
https |
Real Server Check Method |
HTTPS Protocol |
All |
|
CheckUrl |
%2Fowa%2Fhealthcheck.htm |
URL |
/owa/healthcheck.htm |
All |
|
CheckUse1.1 |
0 |
Use HTTP/1.1 |
Disabled |
All |
|
CheckUseGet |
1 |
HTTP Method |
GET |
All |
|
EspEnabled |
1 |
Enable ESP |
Enabled |
ESP Enabled |
|
ESPLogs |
7 |
ESP Logging |
User Access, Security and Connection (Enabled) |
ESP Enabled |
|
InputAuthMode |
2 |
Client Authentication Mode |
Form Based |
ESP Enabled |
|
OutputAuthMode |
2 |
Server Authentication Mode |
Form Based |
ESP Enabled |
|
AllowedHosts |
Mail.example.com%20autodiscover.example.com |
Allowed Virtual Hosts |
Mail.example.com autodiscover.example.com |
ESP Enabled |
|
AllowedDirectories |
%2Fowa%2A |
Allowed Virtual Directories |
/owa* |
ESP Enabled |
|
ExcludedDirectories |
%2Fowa%2Fguid%40smtpdomain%2A |
Pre-Authorization Excluded Directories |
/owa/guid@smtpdomain* |
ESP Enabled |
|
SingleSignOnMessage |
Please%20enter%20your%20Exchange%20credentials |
SSO Greeting Message |
Please enter your Exchange credentials |
ESP Enabled |
|
Logoff |
%2Fowa%2Flogoff.owa |
Logoff String |
/owa/logoff.owa |
ESP Enabled |
|
PowerShell |
||||
|
port |
443 |
Port |
443 |
All |
|
prot |
tcp |
Protocol |
tcp |
All |
|
Nickname |
PowerShell |
Service Name (Optional) |
PowerShell |
All |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
All |
|
Persist |
None |
Persistence Options |
None |
All |
|
Schedule |
lc |
Scheduling Method |
least connection |
All |
|
Idletime |
1800 |
Idle Connection Timeout |
1800 |
All |
|
CheckPort |
443 |
Checked Port |
443 |
All |
|
CheckType |
https |
Real Server Check Method |
HTTPS Protocol |
All |
|
CheckUrl |
%2Fpowershell%2Fhealthcheck.htm |
URL |
/powershell/healthcheck.htm |
All |
|
CheckUse1.1 |
0 |
Use HTTP/1.1 |
Disabled |
All |
|
CheckUseGet |
1 |
HTTP Method |
GET |
All |
|
EspEnabled |
1 |
Enable ESP |
Enabled |
ESP Enabled |
|
ESPLogs |
7 |
ESP Logging |
User Access, Security and Connection (Enabled) |
ESP Enabled |
|
InputAuthMode |
0 |
Client Authentication Mode |
Delegate to Server |
ESP Enabled |
|
OutputAuthMode |
0 |
Server Authentication Mode |
None |
ESP Enabled |
|
AllowedHosts |
Mail.example.com%20autodiscover.example.com |
Allowed Virtual Hosts |
Mail.example.com autodiscover.example.com |
ESP Enabled |
|
AllowedDirectories |
%2Fpowershell%2A |
Allowed Virtual Directories |
/powershell* |
ESP Enabled |
|
RPC |
||||
|
port |
443 |
Port |
443 |
All |
|
prot |
tcp |
Protocol |
tcp |
All |
|
Nickname |
RPC |
Service Name (Optional) |
PowerShell |
All |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
All |
|
Persist |
None |
Persistence Options |
None |
All |
|
Schedule |
lc |
Scheduling Method |
least connection |
All |
|
Idletime |
1800 |
Idle Connection Timeout |
1800 |
All |
|
CheckPort |
443 |
Checked Port |
443 |
All |
|
CheckType |
https |
Real Server Check Method |
HTTPS Protocol |
All |
|
CheckUrl |
%2Frpc%2Fhealthcheck.htm |
URL |
/rpc/healthcheck.htm |
All |
|
CheckUse1.1 |
0 |
Use HTTP/1.1 |
Disabled |
All |
|
CheckUseGet |
1 |
HTTP Method |
GET |
All |
|
EspEnabled |
1 |
Enable ESP |
Enabled |
ESP Enabled |
|
ESPLogs |
7 |
ESP Logging |
User Access, Security and Connection (Enabled) |
ESP Enabled |
|
InputAuthMode |
0 |
Client Authentication Mode |
Delegate to Server |
ESP Enabled |
|
OutputAuthMode |
0 |
Server Authentication Mode |
None |
ESP Enabled |
|
AllowedHosts |
Mail.example.com%20autodiscover.example.com |
Allowed Virtual Hosts |
Mail.example.com autodiscover.example.com |
ESP Enabled |
|
AllowedDirectories |
%2Frpc%2A |
Allowed Virtual Directories |
/rpc* |
ESP Enabled |
5.2 Exchange 2016 HTTPS Pass-through Virtual Service Recommended Settings (Optional)
|
API Parameter |
API Value |
WUI Field Name |
WUI Field Value |
|---|---|---|---|
|
HTTPS Pass-through |
|||
|
port |
443 |
Port |
443 |
|
prot |
tcp |
Protocol |
tcp |
|
VStype |
http |
Service Type |
HTTP-HTTP/2-HTTPS |
|
nickname |
Exchange%202016%20HTTPS%20pass-through |
Service Name (Optional) |
Exchange 2016 HTTPS pass-through |
|
ForceL7 |
1 |
Force L4 |
Disabled |
|
Transparent |
0 |
Transparency |
Disabled |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
|
Persist |
none |
Persistence Options |
None |
|
Schedule |
lc |
Scheduling Method |
least connection |
|
Idletime |
1800 |
Idle Connection Timeout |
1800 |
|
CheckType |
https |
Real Server Check Method |
HTTPS Protocol |
|
CheckPort |
443 |
Checked Port |
443 |
|
CheckUrl |
%2Fowa%2Fhealthcheck.htm |
URL |
/owa/healthcheck.htm |
|
CheckUse1.1 |
0 |
Use HTTP/1.1 |
Disabled |
|
CheckUseGet |
1 |
HTTP Method |
GET |
| HTTPS Pass-through Redirect | |||
|
port |
80 |
Port |
80 |
|
prot |
tcp |
Protocol |
tcp |
|
VStype |
http |
Service Type |
HTTP-HTTP/2-HTTPS |
|
nickname |
Exchange%202016%20HTTPS%20pass-through%20-%20HTTP%20Redirect |
Service Name (Optional) |
Exchange 2016 HTTPS pass-through - HTTP Redirect |
|
ForceL7 |
1 |
Force L4 |
Disabled |
|
Errorcode |
301 |
Error Code |
301 Moved Permanently |
|
ErrorUrl |
https:%2F%2F%25h%25s |
Redirect URL |
https://%h%s |
|
CheckType |
none |
Real Server Check Method |
None |
5.3 Exchange 2016 IMAP Virtual Service Recommended Settings (Optional)
|
API Parameter |
API Value |
WUI Field Name |
WUI Field Value |
|---|---|---|---|
|
IMAP |
|||
|
port |
143 |
Port |
143 |
|
prot |
tcp |
Protocol |
tcp |
|
VStype |
gen |
Service Type |
Generic |
|
nickname |
Exchange%20IMAP |
Service Name (Optional) |
Exchange IMAP |
|
ForceL7 |
1 |
Force L4 |
Disabled |
|
Transparent |
0 |
Transparency |
Disabled |
|
ServerInit |
Imap4 |
Server Initiating Protocols |
IMAP4 |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
|
Persist |
None |
Persistence Options |
None |
|
Schedule |
rr |
Scheduling Method |
round robin |
|
Idletime |
3600 |
Idle Connection Timeout |
3600 |
|
CheckType |
Imap4 |
Real Server Check Method |
Mailbox (IMAP) Protocol |
|
CheckPort |
110 |
Checked Port |
110 |
|
IMAPS |
|||
|
port |
993 |
Port |
993 |
|
prot |
tcp |
Protocol |
tcp |
|
VStype |
gen |
Service Type |
Generic |
|
nickname |
Exchange%20IMAPS |
Service Name (Optional) |
Exchange IMAPS |
|
forceL7 |
1 |
Force L4 |
Disabled |
|
Transparent |
0 |
Transparency |
Disabled |
|
ServerInit |
Imap4 |
Server Initiating Protocols |
IMAP4 |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
|
Persist |
None |
Persistence Options |
None |
|
Schedule |
rr |
Scheduling Method |
round robin |
|
Idletime |
3600 |
Idle Connection Timeout |
3600 |
|
CheckType |
tcp |
Real Server Check Method |
TCP Connection Only |
|
CheckPort |
993 |
Checked Port |
993 |
|
IMAPS Offloaded |
|||
|
port |
993 |
Port |
993 |
|
prot |
tcp |
Protocol |
tcp |
|
VStype |
gen |
Service Type |
Generic |
|
nickname |
Exchange%20IMAPS%20Offload |
Service Name (Optional) |
Exchange IMAPS Offload |
|
ForceL7 |
1 |
Force L4 |
Disabled |
|
Transparent |
0 |
Transparency |
Disabled |
|
ServerInit |
Imap4 |
Server Initiating Protocols |
IMAP4 |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
|
Persist |
None |
Persistence Options |
None |
|
Schedule |
rr |
Scheduling Method |
round robin |
|
Idletime |
3600 |
Idle Connection Timeout |
3600 |
|
SSLAcceleration |
1 |
SSL Acceleration |
Enabled |
|
SSLReencrypt |
0 |
Reencrypt |
Disabled |
|
TLSType |
1 |
Supported Protocols |
TLS1.0, TLS1.1, TLS1.2, and TLS1.3 (Enabled) |
|
CipherSet |
BestPractices |
CipherSet |
BestPractices |
|
CheckType |
Imap4 |
Real Server Check Method |
Mailbox (IMAP) Protocol |
|
CheckPort |
143 |
Checked Port |
143 |
|
IMAP with STARTTLS |
|||
|
port |
143 |
Port |
143 |
|
prot |
tcp |
Protocol |
tcp |
|
VStype |
StartTLS |
Service Type |
STARTTLS protocols |
|
nickname |
Exchange%20IMAP%20STARTTLS |
Service Name (Optional) |
Exchange IMAP STARTTLS |
|
ForceL7 |
1 |
Force L4 |
Disabled |
|
Transparent |
0 |
Transparency |
Disabled |
|
StartTLSMode |
Imap |
Server Initiating Protocols |
IMAP4 |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
|
Persist |
None |
Persistence Options |
None |
|
Schedule |
rr |
Scheduling Method |
round robin |
|
Idletime |
3600 |
Idle Connection Timeout |
3600 |
|
SSLAcceleration |
1 |
SSL Acceleration |
Enabled |
|
TLSType |
1 |
Supported Protocols |
TLS1.0, TLS1.1, TLS1.2, and TLS1.3 (Enabled) |
|
CipherSet |
BestPractices |
CipherSet |
BestPractices |
|
CheckType |
Imap |
Real Server Check Method |
Mailbox (IMAP) Protocol |
|
CheckPort |
143 |
Checked Port |
143 |
5.4 Exchange 2016 POP Virtual Service Recommended Settings (Optional)
|
API Parameter |
API Value |
WUI Field Name |
WUI Field Value |
|---|---|---|---|
|
POP |
|||
|
port |
110 |
Port |
110 |
|
prot |
tcp |
Protocol |
tcp |
|
VStype |
gen |
Service Type |
Generic |
|
nickname |
Exchange%20POP |
Service Name (Optional) |
Exchange POP |
|
ForceL7 |
1 |
Force L4 |
Disabled |
|
Transparent |
0 |
Transparency |
Disabled |
|
ServerInit |
Pop3 |
Server Initiating Protocols |
POP3 |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
|
Persist |
None |
Persistence Options |
None |
|
Schedule |
rr |
Scheduling Method |
round robin |
|
Idletime |
3600 |
Idle Connection Timeout |
3600 |
|
CheckType |
Pop3 |
Real Server Check Method |
Mailbox (POP3) Protocol |
|
CheckPort |
110 |
Checked Port |
110 |
|
POPS |
|||
|
port |
995 |
Port |
995 |
|
prot |
tcp |
Protocol |
tcp |
|
VStype |
gen |
Service Type |
Generic |
|
nickname |
Exchange%20POPS |
Service Name (Optional) |
Exchange POPS |
|
ForceL7 |
1 |
Force L4 |
Disabled |
|
Transparent |
0 |
Transparency |
Disabled |
|
ServerInit |
Pop3 |
Server Initiating Protocols |
POP3 |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
|
Persist |
None |
Persistence Options |
None |
|
Schedule |
rr |
Scheduling Method |
round robin |
|
Idletime |
3600 |
Idle Connection Timeout |
3600 |
|
CheckType |
tcp |
Real Server Check Method |
TCP Connection Only |
|
CheckPort |
993 |
Checked Port |
993 |
|
POPS Offloaded |
|||
|
port |
995 |
Port |
995 |
|
prot |
tcp |
Protocol |
tcp |
|
VStype |
gen |
Service Type |
Generic |
|
nickname |
Exchange%20POPS%20Offload |
Service Name (Optional) |
Exchange POPS Offload |
|
ForceL7 |
1 |
Force L4 |
Disabled |
|
Transparent |
0 |
Transparency |
Disabled |
|
ServerInit |
Pop3 |
Server Initiating Protocols |
POP3 |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
|
Persist |
None |
Persistence Options |
None |
|
Schedule |
rr |
Scheduling Method |
round robin |
|
Idletime |
3600 |
Idle Connection Timeout |
3600 |
|
SSLAcceleration |
1 |
SSL Acceleration |
Enabled |
|
SSLReencrypt |
0 |
Reencrypt |
Disabled |
|
TLSType |
1 |
Supported Protocols |
TLS1.0, TLS1.1, TLS1.2, and TLS1.3 (Enabled) |
|
CipherSet |
BestPractice |
CipherSet |
BestPractices |
|
CheckType |
Pop3 |
Real Server Check Method |
Mailbox (POP3) Protocol |
|
CheckPort |
110 |
Checked Port |
110 |
|
POP with STARTTLS |
|||
|
port |
110 |
Port |
110 |
|
prot |
tcp |
Protocol |
tcp |
|
VStype |
StartTLS |
Service Type |
STARTTLS protocols |
|
nickname |
Exchange%20IMAP%20STARTTLS |
Service Name (Optional) |
Exchange IMAP STARTTLS |
|
ForceL7 |
1 |
Force L4 |
Disabled |
|
Transparent |
0 |
Transparency |
Disabled |
|
StartTLSMode |
Pop3 |
Server Initiating Protocols |
POP3 |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
|
Persist |
None |
Persistence Options |
None |
|
Schedule |
rr |
Scheduling Method |
round robin |
|
Idletime |
3600 |
Idle Connection Timeout |
3600 |
|
SSLAcceleration |
1 |
SSL Acceleration |
Enabled |
|
TLSType |
1 |
Supported Protocols |
TLS1.0, TLS1.1, TLS1.2, and TLS1.3 (Enabled) |
|
CipherSet |
BestPractices |
CipherSet |
BestPractices |
|
CheckType |
pop |
Real Server Check Method |
Mailbox (POP3) Protocol |
|
CheckPort |
110 |
Checked Port |
110 |
5.5 Exchange 2016 SMTP Virtual Service Recommended Settings (Optional)
|
API Parameter |
API Value |
WUI Field Name |
WUI Field Value |
|---|---|---|---|
|
SMTP |
|||
|
port |
25 |
Port |
25 |
|
prot |
tcp |
Protocol |
tcp |
|
VStype |
gen |
Service Type |
Generic |
|
nickname |
Exchange%20STMP |
Service Name (Optional) |
Exchange STMP |
|
ForceL7 |
1 |
Force L4 |
Disabled |
|
Transparent |
0 |
Transparency |
Disabled |
|
ServerInit |
smtp |
Server Initiating Protocols |
SMTP |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
|
Persist |
src |
Persistence Options |
Source IP Address |
|
PersistTimeout |
3600 |
Timeout |
1 Hour |
|
Schedule |
rr |
Scheduling Method |
round robin |
|
Idletime |
120 |
Idle Connection Timeout |
120 |
|
CheckType |
smtp |
Real Server Check Method |
Mailbox (SMTP) Protocol |
|
CheckPort |
25 |
Checked Port |
25 |
|
SMTPS |
|||
|
port |
587 |
Port |
587 |
|
prot |
tcp |
Protocol |
tcp |
|
VStype |
gen |
Service Type |
Generic |
|
nickname |
Exchange%20SMTPS |
Service Name (Optional) |
Exchange STMPS |
|
ForceL7 |
1 |
Force L4 |
Disabled |
|
Transparent |
0 |
Transparency |
Disabled |
|
ServerInit |
smtp |
Server Initiating Protocols |
SMTP |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
|
Persist |
src |
Persistence Options |
Source IP Address |
|
PersistTimeout |
3600 |
Timeout |
1 Hour |
|
Schedule |
rr |
Scheduling Method |
round robin |
|
Idletime |
120 |
Idle Connection Timeout |
120 |
|
CheckType |
tcp |
Real Server Check Method |
tcp |
|
CheckPort |
587 |
Checked Port |
587 |
|
SMTPS Offloaded |
|||
|
port |
587 |
Port |
587 |
|
prot |
tcp |
Protocol |
tcp |
|
VStype |
gen |
Service Type |
Generic |
|
nickname |
Exchange%20SMTPS%20Offload |
Service Name (Optional) |
Exchange STMPS Offload |
|
ForceL7 |
1 |
Force L4 |
Disabled |
|
Transparent |
0 |
Transparency |
Disabled |
|
ServerInit |
smtp |
Server Initiating Protocols |
SMTP |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
|
Persist |
src |
Persistence Options |
Source IP Address |
|
PersistTimeout |
3600 |
Timeout |
1 Hour |
|
Schedule |
rr |
Scheduling Method |
round robin |
|
Idletime |
120 |
Idle Connection Timeout |
120 |
|
SSLAcceleration |
1 |
SSL Acceleration |
Enabled |
|
SSLReencrypt |
0 |
Reencrypt |
Disabled |
|
TLSType |
1 |
Supported Protocols |
TLS1.0, TLS1.1, TLS1.2, and TLS1.3 (Enabled) |
|
CipherSet |
BestPractices |
CipherSet |
BestPractices |
|
CheckType |
smtp |
Real Server Check Method |
Mail (SMTP) Protocol |
|
CheckPort |
25 |
Checked Port |
25 |
|
SMTP with STARTTLS |
|||
|
port |
25 |
Port |
25 |
|
prot |
tcp |
Protocol |
tcp |
|
VStype |
StartTLS |
Service Type |
STARTTLS protocols |
|
nickname |
Exchange%20SMTP%20STARTTLS |
Service Name (Optional) |
Exchange STMP STARTTLS |
|
ForceL7 |
1 |
Force L4 |
Disabled |
|
Transparent |
0 |
Transparency |
Disabled |
|
StartTLSMode |
smtp |
Server Initiating Protocols |
SMTP |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
|
Persist |
src |
Persistence Options |
Source IP Address |
|
PersistTimeout |
3600 |
Timeout |
1 Hour |
|
Schedule |
rr |
Scheduling Method |
round robin |
|
Idletime |
120 |
Idle Connection Timeout |
120 |
|
SSLAcceleration |
1 |
SSL Acceleration |
Enabled |
|
TLSType |
1 |
Supported Protocols |
TLS1.0, TLS1.1, TLS1.2, and TLS1.3 (Enabled) |
|
CipherSet |
BestPractices |
CipherSet |
BestPractices |
|
CheckType |
smtp |
Real Server Check Method |
Mail (SMTP) Protocol |
|
CheckPort |
25 |
Checked Port |
25 |
|
SMTP with ESP |
|||
|
port |
25 |
Port |
25 |
|
prot |
tcp |
Protocol |
tcp |
|
VStype |
gen |
Service Type |
Generic |
|
nickname |
Exchange%20STMP%20ESP |
Service Name (Optional) |
Exchange STMP ESP |
|
ForceL7 |
1 |
Force L4 |
Disabled |
|
Transparent |
0 |
Transparency |
Disabled |
|
ServerInit |
smtp |
Server Initiating Protocols |
SMTP |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
|
Persist |
src |
Persistence Options |
Source IP Address |
|
PersistTimeout |
3600 |
Timeout |
1 Hour |
|
Schedule |
rr |
Scheduling Method |
round robin |
|
IdleTime |
120 |
Idle Connection Timeout |
120 |
|
EnableESP |
1 |
Enable ESP |
Enabled |
|
ESPLog |
4 |
ESP Logging |
Connection (Enabled) |
|
Smtpallow |
“Example.com” |
SMTP Allowed Domains |
Example.com |
|
CheckType |
smtp |
Real Server Check Method |
Mail (SMTP) Protocol |
|
CheckPort |
25 |
Checked Port |
25 |
5.6 Exchange 2016 Office Online Server Virtual Service Recommended Settings (Optional)
|
API Parameter |
API Value |
WUI Field Name |
WUI Field Value |
|---|---|---|---|
|
Office Online Server |
|||
|
port |
443 |
Port |
443 |
|
prot |
tcp |
Protocol |
tcp |
|
VStype |
http |
Service Type |
HTTP-HTTP/2-HTTPS |
|
nickname |
Exchange%20Office%20Online |
Service Name (Optional) |
Exchange Office Online |
|
ForceL7 |
1 |
Force L4 |
Disabled |
|
Transparent |
0 |
Transparency |
Disabled |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
|
Persist |
Super-src |
Persistence Options |
Super HTTP and Souce IP |
|
PersistTimeout |
1800 |
Timeout |
30 Minutes |
|
Schedule |
lc |
Scheduling Method |
least connection |
|
Idletime |
1800 |
Idle Connection Timeout |
1800 |
|
SSLAcceleration |
1 |
SSL Acceleration |
Enabled |
|
SSLReencrypt |
1 |
Reencrypt |
Enabled |
|
TLSType |
1 |
Supported Protocols |
TLS1.0, TLS1.1, TLS1.2, and TLS1.3 (Enabled) |
|
CipherSet |
BestPractices |
CipherSet |
BestPractices |
|
CheckType |
https |
Real Server Check Method |
HTTPS Protocol |
|
CheckPort |
443 |
Checked Port |
443 |
|
CheckUrl |
/hosting/discovery |
URL |
/hosting/discovery |
|
CheckUse1.1 |
1 |
Use HTTP/1.1 |
Enabled |
|
CheckUseGet |
1 |
HTTP Method |
GET |
6 References
Unless otherwise specified, the documents below can be found at http://www.kemptechnologies.com/documentation
Web User Interface (WUI), Configuration Guide
Virtual Services and Templates, Feature Description
Microsoft Exchange 2010, Deployment Guide
Microsoft Exchange 2013, Deployment Guide
Exchange Team Blog post on Load Balancing in Exchange 2016
http://blogs.technet.com/b/exchange/archive/2015/10/08/load-balancing-in-exchange-2016.aspx
Last Updated Date
This document was last updated on 27 February 2023.