SRX Services Gateway
Reply
ABW
Visitor
ABW
Posts: 5
Registered: ‎05-15-2012
0

Exchange activesync and outlook anywhere.

Greetings.

Does SRX series support MS Exchange activesync (for mobile devices) and outlook anywhere?

Trusted Contributor
SomeITGuy
Posts: 330
Registered: ‎01-08-2010
0

Re: Exchange activesync and outlook anywhere.

They are treated like any other HTTPS service, the SRX does not have any specifc application level features other than some optional IDP signatures related to them.

ABW
Visitor
ABW
Posts: 5
Registered: ‎05-15-2012
0

Re: Exchange activesync and outlook anywhere.

So, I correctly understand, that rpc proxy is supported too as any other service? Or there is another way?

Trusted Contributor
SomeITGuy
Posts: 330
Registered: ‎01-08-2010
0

Re: Exchange activesync and outlook anywhere.

You really need to clarify what you are talking about...

 

Are you talking about RPC over HTTP/HTTPS ? If so the firewall does not see the RPC because it is encapolated in HTTPS.

 

Are you talking about a OCW/CAS server in a DMZ talking RPC to the backend? This is not a microsoft supproted config and HIGHLY not recommended http://blogs.technet.com/b/exchange/archive/2009/10/21/3408587.aspx

ABW
Visitor
ABW
Posts: 5
Registered: ‎05-15-2012
0

Re: Exchange activesync and outlook anywhere.

I want to place single exchange 2007 server in DMZ after SRX220/240 with working activesync and outlook anywhere. Maybe later I'll need to setup distributed exchange system with 2-3 servers which will be placed in different sites.

 

But yes, I inderstand, that RPC is encapsulated in HTTPS. I have in front of my eyes system with ISA server and think same as it works ).

Trusted Contributor
SomeITGuy
Posts: 330
Registered: ‎01-08-2010
0

Re: Exchange activesync and outlook anywhere.

ISA is a special case for MANY microsoft deployments since it is explicity designed and aware of some microsoft products. Mind you the troublehshotting docs all end with "Reboot".

 

I have never put the OWA/ CAS in a DMZ, microsoft repeatedly suggests that ALL exchange rolls be within the same zone to allow ease of communication... there is an RPC "ALG" service on the SRX but I can't comment on your paticular design if they work well..

 

Forwarding the HTTP traffic is straight forward as well as applying the IDP (if you purchased the option) to the rules.

 

Inter exchange communication is amess since the CAS is going to need AD access, access to the backend servers and unless you also have a seperat internal OWA/CAS your client systems will also need to talk to it.

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.