Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The EWS Protector is also used in order to prevent DOS (Denial of Service) attacks, by having a counter for incorrect sign-in attempts to the Exchange web services.


Configuring EWS Protection

In order to To configure the EWS Protection, we 'll need to must create a channel in the Bastion.xml (please note that the default Bastion.xml has an existing EWS Channel already existingchannel)


Tags

  • Channel Name - Specify the name of the Channel.
  • Listener - Specify the listener to be used by this channel (more on configuring listeners)
  • External Hosts - Specify the Exchange Autodiscover hostname and the Exchange Web Services hostname
  • Publish - Specify the FQDN or IP of the next hop that will get to the Client Access Server Role (From Exchange server 2016 and up this is now a service).
  • sslPort - Specify the port to forward the traffic on
  • Filter - Specify the folder and filter DLL to be used (in the example below ews\EWS_protector is used, which is the folder that resides by default in C:\Agat\Bastion\Filters)

...

Afterwards, save the file.


Configuring EWS Protector settings on

...

Admin Portal


In the Access Admin Portal, go to Settings → EWS Protector, or by using the following URL: /admin/settings?category=settings_ews_protector_settings_category_header

...

User Agents permitted to access Exchange - Which user-agents are allowed to access Exchange (user-agents are the types of devicesBy devices, which by default set to only SfB Devices, you .  You can add "All" as well.)

Allow SfB PC and Android clients - By default set to Yes, allows PCs and Android client in addition to iPhone devices.

...