Forum Discussion

draco's avatar
draco
Icon for Nimbostratus rankNimbostratus
Nov 22, 2018

Exchange Server 2016 and F5 ASM issue

We are loading balancing the exchange servers and LTM is all working fine. Have done it using iapp. Now we applied the ASM policy , and kept the server in transparent mode only. But every time i enable ASM on the virtual server, the outlook stops working.The authentication keeps failing and outlook on client systems gets stuck.But when i remove ASM, everything seems to work fine with LTM. ASM is in transparent mode. Can it cause issue when in transparent ? I dnt see anything getting blocked as well on ASM.the rpc service is the one which will be used for outlook,and i can see in event log that F5 detects it as violation.but it is just alarm and not blocked. How can ASM cause issue when in transparent mode ? What can be done here ?do help out..thanks a lot...

 

application delivery
ASM Advanced WAF
BIG-IP
security

3 Replies

Sort By
  • suttonsc's avatar
    suttonsc
    Icon for Employee rankEmployee
    Nov 30, 2018

    Without evaluating a configuration and sample traffic it's difficult to see conclude what the issues is.

     

    Please review the article and let me know if this allows the RPC service to work.

     

    K40345000: Bypassing the BIG-IP ASM system for connections that use RPC over HTTP (12.1.0 and later)

     

  • draco's avatar
    draco
    Icon for Nimbostratus rankNimbostratus
    Dec 02, 2018

    Yes thank you...had logged case and support too pointed to this article. I used the asm url policy bypass for the rpc traffic instead of irule. It is working fine but my question now is how come in transparent mode, asm is behaving this manner ?

     

  • suttonsc's avatar
    suttonsc
    Icon for Employee rankEmployee
    Dec 03, 2018

    Apologies, are you asking why the ASM is violating on the RPC traffic?

     

    From the description it should have alarmed and not blocked the RPC traffic in Transparent mode. The RPC data is binary and the best option is to have it bypass the ASM security checks.

     

    Let me know if you have a more specific question or examples of a violation to review.