https://live.paloaltonetworks.com/t5/general-topics/how-to-allow-access-to-owa-to-selected-external-users/m-p/1154#M905 <HTML><HEAD></HEAD><BODY><P>Hello everyone,</P><P></P><P>I was hoping to get couple ideas on the problem that we currently have and cannot give a solution yet.</P><P></P><P>About a year ago we were able to migrate our old firewalls infrastructure to PAN.</P><P></P><P>We had 1 firewall facing internet(Sidewinder) - basically for Destination NAT functions, MS ISA server as proxy and main firewall (behind Sidewinder) and Microsoft TMG for IPSec VPN only.</P><P></P><P>We have migrated all of these legacy devices to a A/P Pair of 5050 with vsys - 1 vsys for Sidewinder, 1 vsys for ISA and 1 for TMG.</P><P></P><P>Now, because of native functionality of ISA Server, our customer was able to select certain outside(external) users to allow access to Public OWA portal while blocking the rest and users located inside customer's network all were able to connect to OWA.</P><P></P><P>After we've culminated migration, this functionality being lost and it is very important to implement something similar.</P><P></P><P>The tools available to us at this moment are:</P><P></P><P>PA5050 with 22 vsys available</P><P>AD access</P><P>Captive Portal</P><P></P><P>We were working on Reverse Proxy from other brands, but it requires additional cost and we are not allowed to do so.</P><P></P><P>Please, any ideas or help would be extremely appreciated.</P><P></P><P>Thanks in advance,</P><P>Val</P></BODY></HTML> Wed, 10 Jun 2015 13:05:57 GMT Sobolenko 2015-06-10T13:05:57Z https://live.paloaltonetworks.com/t5/general-topics/how-to-allow-access-to-owa-to-selected-external-users/m-p/1154#M905 <HTML><HEAD></HEAD><BODY><P>Hello everyone,</P><P></P><P>I was hoping to get couple ideas on the problem that we currently have and cannot give a solution yet.</P><P></P><P>About a year ago we were able to migrate our old firewalls infrastructure to PAN.</P><P></P><P>We had 1 firewall facing internet(Sidewinder) - basically for Destination NAT functions, MS ISA server as proxy and main firewall (behind Sidewinder) and Microsoft TMG for IPSec VPN only.</P><P></P><P>We have migrated all of these legacy devices to a A/P Pair of 5050 with vsys - 1 vsys for Sidewinder, 1 vsys for ISA and 1 for TMG.</P><P></P><P>Now, because of native functionality of ISA Server, our customer was able to select certain outside(external) users to allow access to Public OWA portal while blocking the rest and users located inside customer's network all were able to connect to OWA.</P><P></P><P>After we've culminated migration, this functionality being lost and it is very important to implement something similar.</P><P></P><P>The tools available to us at this moment are:</P><P></P><P>PA5050 with 22 vsys available</P><P>AD access</P><P>Captive Portal</P><P></P><P>We were working on Reverse Proxy from other brands, but it requires additional cost and we are not allowed to do so.</P><P></P><P>Please, any ideas or help would be extremely appreciated.</P><P></P><P>Thanks in advance,</P><P>Val</P></BODY></HTML> Wed, 10 Jun 2015 13:05:57 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-allow-access-to-owa-to-selected-external-users/m-p/1154#M905 Sobolenko 2015-06-10T13:05:57Z https://live.paloaltonetworks.com/t5/general-topics/how-to-allow-access-to-owa-to-selected-external-users/m-p/1155#M906 <HTML><HEAD></HEAD><BODY><P>You could create a rule leveraging CP. First create a rule in CP to the external IPs to prompt user with the CP page.&nbsp; Then create a security rule to allow access by source IP filter (based on static IP address or a geographic location) and by source user in a specific AD group to be able to login.</P></BODY></HTML> Wed, 10 Jun 2015 13:29:08 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-allow-access-to-owa-to-selected-external-users/m-p/1155#M906 lewis 2015-06-10T13:29:08Z https://live.paloaltonetworks.com/t5/general-topics/how-to-allow-access-to-owa-to-selected-external-users/m-p/327164#M83273 <P>what about if i want to do the same for other application , i mean for exchange Active Sync<SPAN>&nbsp; on mobile too</SPAN></P> Sat, 09 May 2020 12:29:06 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-allow-access-to-owa-to-selected-external-users/m-p/327164#M83273 Eslam.Basyouni 2020-05-09T12:29:06Z