locked
Restrict Outlook Anywhere external access in exchange 2013 RRS feed

  • Question

  • Hi,

    I have deployed Exchange 2013 CU2 in my organization, i want to block the external access of Outlook anywhere, OWA and ECP.

    We are using the same urls for all virtual directories.

    We have purchased and installed the public certificate too.

    Please tell me the solution.


    Regards Sunny Chauhan

    Tuesday, November 12, 2013 7:44 AM

All replies

  • Hello Sunny,

    this is more af an Exchange Administration question. You are here where the programmers are at :)
    Placing questions in the right forums makes it more likely the right pros will read your question and make it easier to find for other people that have the same problem.

    That said, external access to those functionalities is handled by your IIS that hosts these apps. Simple firewall settings blocking external access to the IIS on the relevant ports (which you can find in the IIS on the individual virtual directories) should be all that is needed.

    Cheers,
    Fred


    There's no place like 127.0.0.1

    Tuesday, November 12, 2013 8:02 AM
  • hi,

    This post is related to Microsoft Exchange Server deployment and i have posted in Exchange Server forum so i think this is the right place.

    Can i think that you are from MS Exchange Server Domain ??


    Regards Sunny Chauhan

    Tuesday, November 12, 2013 8:37 AM
  • HI Sunny

    Basically with Exchange 2013 you can have external OA and internal OA URL. What you need to do is to put the internal URL in both the place.

    internal.contoso.com (OA - internal and external URL)

    Make sure that the internal URL is not resolvable from outside your environment i.e. no entries for internal.contoso.com on external DNS.

    This way you can still publish your exchange web services externally.

    All the best

    Abhi


    Abhi

    Tuesday, November 12, 2013 9:19 AM
  • hi,

    This post is related to Microsoft Exchange Server deployment and i have posted in Exchange Server forum so i think this is the right place.

    Can i think that you are from MS Exchange Server Domain ??


    Regards Sunny Chauhan

    Hi Sunny,

    the thing is: There are a dozen Exchange forums.
    This one is the development Forum.
    The one to look for deployment is the "Setup, Deployment, Updates and Migration"-Forum.

    And no, I'm not an Employee of Microsoft, if that's what you meant with the question, just a regular forum dweller who likes to try helping people (both with technical problems and with navigating the forums).

    But back to the question at hand:
    Either Abhi's or my way ought to work: Either make it invisible from external sources, or block access. Both ought to work just fine.

    Cheers,
    Fred


    There's no place like 127.0.0.1

    Tuesday, November 12, 2013 9:49 AM
  • Dear Abhi,

    Thanks for your response...

    Actually customer wants to keep the same URLs for internal & external access of Exchange 2013 resources. In this case we have to create the same URL entries in the external DNS as we have in internal DNS.


    Regards Sunny Chauhan

    Tuesday, November 12, 2013 10:44 AM
  • Okay so in that case - you will have to make sure the publishing rule on TMG or UAG doesn't allow access to /rpc/* virtual directory

    so specify each virtual directory separately /owa/* /ecp/* /ews/* /async/* and exclude /rpc/* and /oab/*  hopefully that should do the trick.


    Abhi

    Tuesday, November 12, 2013 10:49 AM