How to allow access to OWA to selected external users?

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

How to allow access to OWA to selected external users?

L2 Linker

Hello everyone,

I was hoping to get couple ideas on the problem that we currently have and cannot give a solution yet.

About a year ago we were able to migrate our old firewalls infrastructure to PAN.

We had 1 firewall facing internet(Sidewinder) - basically for Destination NAT functions, MS ISA server as proxy and main firewall (behind Sidewinder) and Microsoft TMG for IPSec VPN only.

We have migrated all of these legacy devices to a A/P Pair of 5050 with vsys - 1 vsys for Sidewinder, 1 vsys for ISA and 1 for TMG.

Now, because of native functionality of ISA Server, our customer was able to select certain outside(external) users to allow access to Public OWA portal while blocking the rest and users located inside customer's network all were able to connect to OWA.

After we've culminated migration, this functionality being lost and it is very important to implement something similar.

The tools available to us at this moment are:

PA5050 with 22 vsys available

AD access

Captive Portal

We were working on Reverse Proxy from other brands, but it requires additional cost and we are not allowed to do so.

Please, any ideas or help would be extremely appreciated.

Thanks in advance,



L4 Transporter

You could create a rule leveraging CP. First create a rule in CP to the external IPs to prompt user with the CP page.  Then create a security rule to allow access by source IP filter (based on static IP address or a geographic location) and by source user in a specific AD group to be able to login.

what about if i want to do the same for other application , i mean for exchange Active Sync  on mobile too

  • 2 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!