...
The EWS Protector is also used in order to prevent DOS (Denial of Service) attacks, by having a counter for incorrect sign-in attempts to the Exchange web services.
Configuring EWS Protection
In order to To configure the EWS Protection, we 'll need to must create a channel in the Bastion.xml (please note that the default Bastion.xml has an existing EWS Channel already existingchannel)
Tags
- Channel Name - Specify the name of the Channel.
- Listener - Specify the listener to be used by this channel (more on configuring listeners)
- External Hosts - Specify the Exchange Autodiscover hostname and the Exchange Web Services hostname
- Publish - Specify the FQDN or IP of the next hop that will get to the Client Access Server Role (From Exchange server 2016 and up this is now a service).
- sslPort - Specify the port to forward the traffic on
- Filter - Specify the folder and filter DLL to be used (in the example below ews\EWS_protector is used, which is the folder that resides by default in C:\Agat\Bastion\Filters)
...
Afterwards, save the file.
Configuring EWS Protector settings on
...
Admin Portal
In the Access Admin Portal, go to Settings → EWS Protector, or by using the following URL: /admin/settings?category=settings_ews_protector_settings_category_header
...
User Agents permitted to access Exchange - Which user-agents are allowed to access Exchange (user-agents are the types of devicesBy devices, which by default set to only SfB Devices, you . You can add "All" as well.)
Allow SfB PC and Android clients - By default set to Yes, allows PCs and Android client in addition to iPhone devices.
...