Hello everyone.
I am currently using free Kemp Load Balancer on my DMZ to balance inbound HTTP/HTTPS and SMTP traffic to 2 Exchange Server 2019 on DAG.
I downloaded the Core services: MAPI, SMTP and Unified HTTP/HTTPS template for my Exchange Server 2019.
Now, I would like to disable Exchange Administrative Center login from outside my networks and leave it enabled only from my internal networks, e.g. 10.10.40.0/22, 192.168.25.0/24, etcetera.
Could you tell me how to do this configuration? The version of Kemp I am using is 7.2.59.3.22368.RELEASE
Thank you very much for your help on this.
Best regards,
Gabriel
Andrew Spagnuolo
Hello Gabriel,
Do you have separate virtual services for the external and internal traffic, or is everything going through a single virtual service?
If these are separated into different services, and you used the Exchange template with the sub virtual services, you could simply disable the ECP sub vs on the external virtual service.
If everything is handled on the one singular virtual service, you could create a content match rule which matches on any request not from an internal network IP, and fails it. Then apply that rule to the ECP sub virtual service.
You can find an article which goes over how to create a content match rule to match on a subnet and fail it here: https://support.kemptechnologies.com/hc/en-us/articles/200498919-How-to-Content-Match-by-Source-IP
Best Regards,