https://live.paloaltonetworks.com/t5/general-topics/reverse-proxy-for-exchange-activesync/m-p/583893#M116672 <P>Hello ! Thanks for the reply !</P> <P>&nbsp;</P> <P>But in case I have to specify web-browsing explicitely, it will allow all trafic to the HTTPS port including OWA / ECP /.. , which I do not want to open. I only want to allow activesync . Is there a way to do this ?</P> Tue, 16 Apr 2024 13:14:28 GMT karsayor 2024-04-16T13:14:28Z https://live.paloaltonetworks.com/t5/general-topics/reverse-proxy-for-exchange-activesync/m-p/583371#M116616 <P>We have a Palto Alto cluster and I want to use them as reverse proxy for our Exchange inbound trafic. We activated decryption for this trafic and we want to allow <U><STRONG>only</STRONG> </U>ActiveSync trafic / application.</P> <P>&nbsp;</P> <P>It did not work with only allow ActiveSync application, we also had to create another rule to allow web-browsing to URL&nbsp;*/microsoft-server-activesync because it does not detect all trafic as activesync, even though it's decrypted.</P> <P>&nbsp;</P> <P>In attached picture the log of a part of the trafic when I sync my iphone with the native mail application.</P> <P>&nbsp;</P> <P>Anyone already done this ? Why doesn't it detect correctly the trafic as ActiveSync ?</P> Thu, 11 Apr 2024 12:30:31 GMT https://live.paloaltonetworks.com/t5/general-topics/reverse-proxy-for-exchange-activesync/m-p/583371#M116616 karsayor 2024-04-11T12:30:31Z https://live.paloaltonetworks.com/t5/general-topics/reverse-proxy-for-exchange-activesync/m-p/583890#M116670 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/389687115">@karsayor</a>&nbsp;,</P> <P>&nbsp;</P> <P><SPAN>Looking at applipedia info for activesync, web-browsing should be implicitly allowed and no explicit configuration should be required.</SPAN></P> <P>&nbsp;</P> <P>That said, a<SPAN>pplications for which the firewall cannot determine dependent applications on time will require that you explicitly allow the dependent applications when defining your policies.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Source:</SPAN></P> <P><SPAN><A href="https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/app-id/applications-with-implicit-support" target="_blank">https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/app-id/applications-with-implicit-support</A></SPAN></P> <P>&nbsp;</P> <P><SPAN>Kind regards,</SPAN></P> <P><SPAN>-Kim.</SPAN></P> <P>&nbsp;</P> Tue, 16 Apr 2024 13:02:21 GMT https://live.paloaltonetworks.com/t5/general-topics/reverse-proxy-for-exchange-activesync/m-p/583890#M116670 kiwi 2024-04-16T13:02:21Z https://live.paloaltonetworks.com/t5/general-topics/reverse-proxy-for-exchange-activesync/m-p/583893#M116672 <P>Hello ! Thanks for the reply !</P> <P>&nbsp;</P> <P>But in case I have to specify web-browsing explicitely, it will allow all trafic to the HTTPS port including OWA / ECP /.. , which I do not want to open. I only want to allow activesync . Is there a way to do this ?</P> Tue, 16 Apr 2024 13:14:28 GMT https://live.paloaltonetworks.com/t5/general-topics/reverse-proxy-for-exchange-activesync/m-p/583893#M116672 karsayor 2024-04-16T13:14:28Z