Exchange 2013 - Disable external access to ECP via Kemp WAF

0

As many of you who have experience with Exchange 2013 know, Microsoft for some reason left it so that your ECP logon page is available to the outside world with no real solution to fixing that. I have disabled the ECP on my mail servers via PowerShell and then stood up another server that is not outward facing, and I currently use that for ECP access. Problem is that with my outward facing mail servers, OWA is also unavailable as a result of disabling the ECP on those servers.

So I'm wondering if anyone has used their LoadMaster WAF to restrict external access to your Exchange 2013 ECP while leaving access to OWA intact, and how did you do it?

 

Thanks in advance!

4 comments

0
itservicedesk

Hi Eric, I know this is a long shot, but did you manage to set this up? We are migrating from MS IIS ARR to Kemp LoadMasters; currently we have ECP and EAS blocked via IIS ARR and would like to configure this block. We have Premium Plus so can utilise WAF if required. The IIS ARR basically aborts a connection if the URL includes /ecp or /Microsoft-Server-ActiveSync.

0
it

Any solution to this?

0
itservicedesk

Yes, we just used the Kemp templates for Exchange (https://kemptechnologies.com/uk/docs/) and disabled the services we didn't want people to access, as below.

0
Naseer Husein

The easiest solution would be to have 2 separate VS, one for external and one for internal. For the external VS, only enable the services you want your external users to access.
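
The path rule discussed in this thread (refuse /ecp and /Microsoft-Server-ActiveSync for external clients, leave /owa reachable), as an added example that is not from any poster and is not Kemp or IIS ARR configuration: a Python sketch of the matching decision, normalizing the request target first so that case changes, percent-encoding, backslashes and dot segments do not slip past the rule. The function and constant names are hypothetical, the sample targets in the comments are constructed, and matching on the path prefix (rather than anywhere in the URL) is a choice made here.

```python
import posixpath
from urllib.parse import unquote

# Path prefixes named in the thread as blocked for external clients.
BLOCKED_PREFIXES = ("/ecp", "/microsoft-server-activesync")


def normalize_path(raw_target: str) -> str:
    """Reduce an origin-form request target to a canonical lower-case path."""
    # Drop query string and fragment; only the path decides the outcome.
    path = raw_target.split("?", 1)[0].split("#", 1)[0]
    # Decode until stable so double-encoded input (%2565cp) is fully decoded.
    while True:
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    # Assumption: the backend may treat a backslash as a path separator.
    path = path.replace("\\", "/")
    # Force exactly one leading slash, then collapse //, /./ and /../.
    path = posixpath.normpath("/" + path.lstrip("/"))
    # Assumption: the backend matches paths case-insensitively.
    return path.lower()


def is_blocked_external(raw_target: str) -> bool:
    """True if an external request to this target should be refused."""
    path = normalize_path(raw_target)
    return any(path == p or path.startswith(p + "/") for p in BLOCKED_PREFIXES)


if __name__ == "__main__":
    # Constructed sample targets, not taken from real traffic.
    for target in (
        "/owa/auth/logon.aspx?url=/ecp",        # allowed: /ecp only in query
        "/ECP/default.aspx",                    # blocked: case variant
        "/%2565cp/",                            # blocked: double-encoded
        "/owa/../ecp/",                         # blocked: dot segments
        "/Microsoft-Server-ActiveSync?Cmd=Sync",
    ):
        verdict = "BLOCK" if is_blocked_external(target) else "allow"
        print(f"{verdict:5}  {target}")
```
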