We have a Palo Alto in front of an Exchange 2010 CAS server.
The Palo Alto is in a back-to-back config with a "dumb" firewall in front of it that only allows port 443 inbound.
The Palo Alto has the SSL cert from the Exchange box on it, so does SSL inspection on all the inbound traffic.
My questions is, can anyone who has Exchange 2010 behind a Palo Alto confirm which apps I'd need to allow if I wanted to be a little smarter than simply allowing port 443 through as a service?
If I drill down using App-ID into the destination IP, over the last 7 days these are the apps/sessions that I see:
Obviously many of those are expected, but equally some aren't.
I'm concerned that unless the list of apps is absolutely correct people will start to find obscure pieces of access to Exchange/Outlook stop working.
Thanks in advance.
The best way to find out what you need is to create a rule that allows traffic to from the mail server from trust to untrust. Then you can use the monitor tab to see all traffic passing through that Policy. Then you can allow just those applications.
I suspect the imprtant ones are these.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!