Folder Proxy + OWA + ECP/EAC Guide

Version 2.0 | April 2016

Copyright © 2016 iWebGate. All Rights Reserved.

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of iWebGate as provided by the explicit terms and conditions of our license agreement.

Basic Rights of Use

Thank you for choosing iWebGate. Registration of your product is required during the installation process outlined in this document. Registration of a single product entitles you to begin using the product for the specific purposes of the product. Additional licensing might be required to use additional features. For more information about iWebGate, visit us at http://www.iwebgate.com.

Trademarks

Microsoft, Windows, Windows NT, and Vista are registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders.

Statement of Conditions

To ensure proper operational function and/or reliability of the product is maintained, iWebGate reserves the right to make changes to the product described within this document, via electronic means or otherwise, without notice. iWebGate does not assume any liability that may occur due to the use, or application of, the product described herein.

Table of Contents

Introduction 4

1. Upload Signed Certificate in VSP 4

2. Configure Folder Proxy in VSP 8

3. Add MFA to Folder Proxy 12

4. Configure DNS Entry 13

5. Outlook Web App (OWA) 13

6. Exchange Control Panel /Exchange Admin Center 14

4

Introduction This guide will show how to set up the Virtual Segmentation Platform (VSP) as a folder

proxy to Microsoft Exchange 2013 Server before accessing Outlook Web App (OWA) and

Exchange Control Panel (ECP) / Exchange Admin Center (EAC) via a web browser.

The steps for establishing a folder proxy and OWA access with the VSP are:

1. Upload Signed Certificate in VSP

2. Configure the Folder Proxy in VSP

3. Add MFA to Folder Proxy

4. Configure DNS Entry

5. Outlook Web App (OWA)

6. Exchange Control Panel (ECP) / Exchange Admin Center (EAC)

Since this is a guide of how to setup a folder proxy for Microsoft Exchange 2013 server

using OWA, additional information on the VSP can be found in its detailed manuals.

Requirements:

Functioning Microsoft Exchange 2013 server and OWA access

Certificate/Private Key for the email domain that is signed by a Certificate

Authority (e.g. *.p12 or *.pfx)

Administrator login credentials to the Virtual Segmentation Platform (VSP) and ECP

/ EAC

Access to DNS records

1. Upload Signed Certificate in VSP Log into the Virtual Segmentation Platform (VSP) with your administrator credentials.

5

6

Click Certificate Manager on the Administration menu of the Virtual Segmentation Platform

(VSP).

Click Upload Signed Certificate in Certificate Manager.

Click Choose File to open File Explorer to select the certificate off your device before

clicking Upload.

Make sure to assign

the certificate by

clicking Assign

It is possible to use the same FQDN as your existing public facing

Exchange Client Access Server (CAS). Export existing certificate/key pair

from the CAS, or choose a new FQDN for the proxy before purchasing a

new certificate for it. The certificate/key pair must be in PFX or P12

format.

.

7

Assign this certificate as the new VSP certificate, by checking Assign and click Save.

8

After assigning the new certificate, log back into the VSP using the new FQDN.

2. Configure Folder Proxy in VSP While logged into the VSP, click Proxy LP on the sidebar before selecting Reverse Proxy

from the list.

9

Click Add in Backends.

10

Set the internal address of the Exchange CAS port (typically 443), and check SSL. Click

Save.

11

In the main Proxy menu, click Add in Backends.

Name the new proxy and click the Folder Proxy option under the Type section of the new

proxy.

12

Under Folder Mapping, select Exchange Web Services from the drop-down list under Pre-

Configured Folder Maps and click Add.

3. Add MFA to Folder Proxy Proxies can use multi-factor authentication (Google Authenticator) to strengthen the

security of the connection.

To configure proxy authentication, click Configure MFA in the main Reverse Proxy

module.

Select the desired 1st Factor Type. This is the authentication users must first enter to get

through to the backend proxy servers.

13

Users accessing the folder will need to enter the Time Based One-Time Password received

through the Google Authethicatior app.

4. Configure DNS Entry If choosing to use a new FQDN for the proxy server, then you can add it to your DNS and

test without danger of disrupting existing Exchange clients.

If choosing the same FQDN as existing public facing Exchange server for the proxy, you

would need to change the DNS record to point it to the proxy's IP address. However, it is

recommended to first test that the proxy and Exchange server configurations are working

as expected before making a change to the DNS configuration.

To test Outlook on the client PC before changing DNS, put an entry in

C:\Windows\System32\Drivers\etc\hosts on the client PC for the FQDN of the proxy for

testing. Once verified that the configuration is correct, change the DNS and remove the

entry from the hosts file. This allows testing without disruption of existing Exchange clients.

5. Outlook Web App (OWA) Open the /owa folder via the proxy on the Exchange server by connecting to https://(FQDN-of-proxy-server)/owa :

14

Enter the username and password, before clicking sign in.

Access to OWA through the folder proxy is now established.

6. Exchange Control Panel (ECP) / Exchange Admin Center (EAC)

Open the /ecp folder via the proxy on the Exchange server by connecting to https://(FQDN-of-proxy-server)/ecp :

15

Enter the Administrator username and password, before clicking sign in.

Access to ECP / EAC through the folder proxy is now established.

Version 2.0 | April 2016