This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

How to allow access to OWA to selected external users?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

How to allow access to OWA to selected external users?

Sobolenko
L2 Linker

‎06-10-2015 06:05 AM

Hello everyone,

I was hoping to get couple ideas on the problem that we currently have and cannot give a solution yet.

About a year ago we were able to migrate our old firewalls infrastructure to PAN.

We had 1 firewall facing internet(Sidewinder) - basically for Destination NAT functions, MS ISA server as proxy and main firewall (behind Sidewinder) and Microsoft TMG for IPSec VPN only.

We have migrated all of these legacy devices to a A/P Pair of 5050 with vsys - 1 vsys for Sidewinder, 1 vsys for ISA and 1 for TMG.

Now, because of native functionality of ISA Server, our customer was able to select certain outside(external) users to allow access to Public OWA portal while blocking the rest and users located inside customer's network all were able to connect to OWA.

After we've culminated migration, this functionality being lost and it is very important to implement something similar.

The tools available to us at this moment are:

PA5050 with 22 vsys available

AD access

Captive Portal

We were working on Reverse Proxy from other brands, but it requires additional cost and we are not allowed to do so.

Please, any ideas or help would be extremely appreciated.

Thanks in advance,

Val

Labels:
0 Likes Likes
2 REPLIES 2

lewis
L4 Transporter

‎06-10-2015 06:29 AM

You could create a rule leveraging CP. First create a rule in CP to the external IPs to prompt user with the CP page.  Then create a security rule to allow access by source IP filter (based on static IP address or a geographic location) and by source user in a specific AD group to be able to login.

Eslam.Basyouni
L0 Member
In response to lewis

‎05-09-2020 05:29 AM

what about if i want to do the same for other application , i mean for exchange Active Sync  on mobile too

0 Likes Likes
  • 4136 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks