This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Newbee Needs Help

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Newbee Needs Help

WayneFusco
Not applicable

‎10-08-2011 05:37 AM

I am trying to setup outlook web access (Exchange 2010) for my network.

Here is what I have done thus far:

Object -> Addresses: Setup the internal address of the exchange server.

Policy -> Security: Created a rule with the following data (Name: owa - Source Zone: untrusted - Address/User: any - Dest Zone: trusted - Dest Address: OWA - Dest Application: Outlook-web (factory defined) Dest Service: service-https (Factory Defined)

When I go to commit the changes I get this:

device: Rule 'OWA' application dependency warning:

- Application 'outlook-web' requires 'ssl' allowed in the policy

- Application 'outlook-web' requires 'web-browsing' allowed in the policy

Configuration committed successfully

Not sure what its telling me to do..

Thanks in advance

Wayne

0 Likes Likes
6 REPLIES 6

WayneFusco
Not applicable

‎10-08-2011 05:42 AM

Never Mind - I figured it out..

Sweet!!!!

0 Likes Likes

WayneFusco
Not applicable
In response to WayneFusco

‎10-08-2011 06:42 AM

Okay maybe not.

Dont know what needs to happen to connect from the outside world..

0 Likes Likes

gswcowboy
L6 Presenter
In response to WayneFusco

‎10-08-2011 01:22 PM

Do you have an Inbound NAT rule associated with the security policy? Untrust to Untrust for the zones, public facing ip for the destination address and then dnat it to your private ip address hosting the services in question.

0 Likes Likes

WayneFusco
Not applicable
In response to gswcowboy

‎10-08-2011 05:16 PM

Hi Thanks,

Can you break it down for me,

remember i am a newbee..

Here is the NAT policy I have

SZ: untrust DZ: trust DI: none SA: any DA: OWA ST: dyn ip & port ether1/3 & my pubic ip DT: address:owa port:433

Is this on the right track?

0 Likes Likes

jleung
L4 Transporter
In response to WayneFusco

‎10-09-2011 04:15 AM

Hi,

For any incoming connection, the NAT policy shouldbe like this:

Original

SRC Zone: untrust, src IP: any

Dst Zone: untrust, dst IP: public IP of OWA

Translated:

Src IP: any any

Dst IP: private IP, Static IP

For security:

Src Zone: Untrust, src IP: any

Dst Zone: DMZ, dst IP: public IP

Application: SSL (as OWA is encrypted)

Regards,

Jones

0 Likes Likes

kamish
L3 Networker
In response to jleung

‎10-11-2011 06:46 AM

- Application 'outlook-web' requires 'ssl' allowed in the policy - In your policy In services allow tcp-443

- Application 'outlook-web' requires 'web-browsing' allowed in the policy - In your policy In services allow tcp-80.

See if this helps.

0 Likes Likes
  • 3181 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks