Exchange 2019 HTTPS Offload with ESP and WAF Recommended Settings (Optional)
- Last Updated: September 12, 2025
- LoadMaster
- LoadMaster GA
- Documentation
|
API Parameter |
API Value |
WUI Field Name |
WUI Field Value |
Use with Template |
|---|---|---|---|---|
|
HTTP Redirect |
||||
|
port |
80 |
Port |
80 |
All |
|
prot |
tcp |
Protocol |
tcp |
All |
|
nickname |
Exchange%202019%20HTTPS%20Offloaded%20with%20ESP%20and%20WAF%20HTTP%20Redirect |
Service Name |
Exchange 2019 HTTPS Offloaded with ESP and WAF - HTTP Redirect |
All |
|
Errorcode |
302 |
Error Code |
302 Found |
All |
|
ErrorUrl |
https:%2F%2F%25h%25s |
Redirect URL |
https://%h%s |
All |
|
CheckType |
http |
Real Server Check Method |
HTTP Protocol |
All |
|
Main Virtual Service |
||||
|
port |
443 |
Port |
443 |
All |
|
prot |
tcp |
Protocol |
tcp |
All |
|
VStype |
http |
Service Type |
HTTP-HTTP/2-HTTPS |
All |
|
nickname |
Exchange%202019%20HTTPS%20 Offload%20with%20ESP%20and%20WAF |
Service Name |
Exchange 2019 HTTPS Offload with ESP and WAF |
Create Unique Name |
|
Transparent |
1 |
Transparency |
Enabled |
All |
|
SSLAcceleration |
1 |
SSL Acceleration |
Enabled |
All |
|
SSLReencrypt |
0 |
Reencrypt |
Disabled |
0 for Offload 1 for Reencrypt |
|
TLSType |
7 |
Supported Protocols |
TLS1.2 and TLS1.3 (Enabled) |
All |
|
CipherSet |
BestPractices |
Cipher Set |
BestPractices |
All |
|
Tls13CipherSet |
TLS_AES_256_GCM_SHA384%20TLS_CHACHA20_POLY1305_SHA256%20TLS_AES_128_GCM_SHA256 |
TLS1.3 Ciphersets |
TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, and TLS_AES_128_GCM_SHA256 enabled |
All |
|
Persist |
none |
Persistence Options |
None |
All |
|
Schedule |
lc |
Scheduling Method |
least connection |
All |
|
Idletime |
1800 |
Idle Connection Timeout |
1800 |
All |
|
SubVSs |
||||
|
Authentication Proxy |
||||
|
port |
443 |
Port |
443 |
ESP Enabled |
|
prot |
tcp |
Protocol |
tcp |
ESP Enabled |
|
Nickname |
Authentication%20Proxy |
SubVS Name |
Authentication Proxy |
ESP Enabled |
|
Errorcode |
503 |
Error Code |
503 Service Unavailable |
ESP Enabled |
|
ErrorUrl |
Endpoint%20not%20available |
Error Message |
Endpoint not available |
ESP Enabled |
|
CheckType |
http |
Real Server Check Method |
HTTP Protocol |
ESP Enabled |
|
EspEnabled |
1 |
Enable ESP |
Enabled |
ESP Enabled |
|
ESPLogs |
7 |
ESP Logging |
User Access, Security, and Connection (Enabled) |
ESP Enabled |
|
InputAuthMode |
2 |
Client Authentication Mode |
Form Based |
ESP Enabled |
|
OutputAuthMode |
2 |
Server Authentication Mode |
Form Based |
ESP Enabled |
|
AllowedDirectories |
%2F%2A |
Allowed Virtual Directories |
/* |
ESP Enabled |
|
SingleSignOnMessage |
Please%20enter%20your%20Exchange%20credentials |
SSO Greeting Message |
Please enter your Exchange credentials |
ESP Enabled |
|
ActiveSync |
||||
|
port |
443 |
Port |
443 |
All |
|
prot |
tcp |
Protocol |
tcp |
All |
|
Nickname |
ActiveSync |
SubVS Name |
ActiveSync |
All |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
All |
|
Persist |
none |
Persistence Mode |
None |
All |
|
Schedule |
lc |
Scheduling Method |
least connection |
All |
|
Idletime |
0 |
Idle Connection Timeout |
Empty |
All |
|
CheckPort |
80 |
Checked Port |
80 |
All |
|
CheckType |
http |
Real Server Check Method |
HTTP Protocol |
All |
|
CheckUrl |
%2Fmicrosoft-server-activesync%2Fhealthcheck.htm |
URL |
/microsoft-server-activesync/healthcheck.htm |
All |
|
CheckUse1.1 |
0 |
Use HTTP/1.1 |
Disabled |
All |
|
CheckUseGet |
1 |
HTTP Method |
GET |
All |
|
EspEnabled |
1 |
Enable ESP |
Enabled |
ESP Enabled |
|
ESPLogs |
7 |
ESP Logging |
User Access, Security and Connection (Enabled) |
ESP Enabled |
|
InputAuthMode |
1 |
Client Authentication Mode |
Basic Authentication |
ESP Enabled |
|
AllowedDirectories |
%2Fmicrosoft-server-activesync%2A |
Allowed Virtual Directories |
/microsoft-server-activesync* |
ESP Enabled |
| API | ||||
|
port |
443 |
Port |
443 |
All |
|
prot |
tcp |
Protocol |
tcp |
All |
|
Nickname |
API |
SubVS Name |
API |
All |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
All |
|
Persist |
none |
Persistence Mode |
None |
All |
|
Schedule |
lc |
Scheduling Method |
least connection |
All |
|
Idletime |
0 |
Idle Connection Timeout |
Empty |
All |
|
CheckPort |
80 |
Checked Port |
80 |
All |
|
CheckType |
http |
Real Server Check Method |
HTTP Protocol |
All |
|
CheckUrl |
%2Fapi%2Fhealthcheck.htm |
URL |
/api/healthcheck.htm |
All |
|
CheckUse1.1 |
0 |
Use HTTP/1.1 |
Disabled |
All |
|
CheckUseGet |
1 |
HTTP Method |
GET |
All |
|
EspEnabled |
0 |
Enable ESP |
Disabled |
All |
|
Autodiscover |
||||
|
port |
443 |
Port |
443 |
All |
|
prot |
tcp |
Protocol |
tcp |
All |
|
Nickname |
Autodiscover |
SubVS Name |
Autodiscover |
All |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
All |
|
Persist |
none |
Persistence Mode |
None |
All |
|
Schedule |
lc |
Scheduling Method |
least connection |
All |
|
Idletime |
0 |
Idle Connection Timeout |
Empty |
All |
|
CheckPort |
80 |
Checked Port |
80 |
All |
|
CheckType |
http |
Real Server Check Method |
HTTP Protocol |
All |
|
CheckUrl |
%2Fautodiscover%2Fhealthcheck.htm |
URL |
/autodiscover/healthcheck.htm |
All |
|
CheckUse1.1 |
0 |
Use HTTP/1.1 |
Disabled |
All |
|
CheckUseGet |
1 |
HTTP Method |
GET |
All |
|
EspEnabled |
1 |
Enable ESP |
Enabled |
ESP Enabled |
|
ESPLogs |
7 |
ESP Logging |
User Access, Security and Connection (Enabled) |
ESP Enabled |
|
InputAuthMode |
0 |
Client Authentication Mode |
Delegate to Server |
ESP Enabled |
|
AllowedDirectories |
%2Fautodiscover%2A |
Allowed Virtual Directories |
/autodiscover* |
ESP Enabled |
|
ECP |
||||
|
port |
443 |
Port |
443 |
All |
|
prot |
tcp |
Protocol |
tcp |
All |
|
Nickname |
ECP |
SubVS Name |
ECP |
All |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
All |
|
Persist |
none |
Persistence Mode |
None |
All |
|
Schedule |
lc |
Scheduling Method |
least connection |
All |
|
Idletime |
0 |
Idle Connection Timeout |
Empty |
All |
|
Interceptmode |
2 |
OWASP Core Rule Set WAF |
Enabled |
WAF enabled |
|
CheckPort |
80 |
Checked Port |
80 |
All |
|
CheckType |
http |
Real Server Check Method |
HTTP Protocol |
All |
|
CheckUrl |
%2Fecp%2Fhealthcheck.htm |
URL |
/ecp/healthcheck.htm |
All |
|
CheckUse1.1 |
0 |
Use HTTP/1.1 |
Disabled |
All |
|
CheckUseGet |
1 |
HTTP Method |
GET |
All |
|
EspEnabled |
1 |
Enable ESP |
Enabled |
ESP Enabled |
|
ESPLogs |
7 |
ESP Logging |
User Access, Security and Connection (Enabled) |
ESP Enabled |
|
InputAuthMode |
2 |
Client Authentication Mode |
Form Based |
ESP Enabled |
|
AllowedDirectories |
%2Fecp%2A |
Allowed Virtual Directories |
/ecp* |
ESP Enabled |
|
SingleSignOnMessage |
Please%20enter%20your%20Exchange%20credentials |
SSO Greeting Message |
Please enter your Exchange credentials |
ESP Enabled |
|
EWS |
||||
|
port |
443 |
Port |
443 |
All |
|
prot |
tcp |
Protocol |
tcp |
All |
|
Nickname |
EWS |
SubVS Name |
EWS |
All |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
All |
|
Persist |
none |
Persistence Mode |
None |
All |
|
Schedule |
lc |
Scheduling Method |
least connection |
All |
|
Idletime |
0 |
Idle Connection Timeout |
Empty |
All |
|
CheckPort |
80 |
Checked Port |
80 |
All |
|
CheckType |
http |
Real Server Check Method |
HTTP Protocol |
All |
|
CheckUrl |
%2Fews%2Fhealthcheck.htm |
URL |
/ews/healthcheck.htm |
All |
|
CheckUse1.1 |
0 |
Use HTTP/1.1 |
Disabled |
All |
|
CheckUseGet |
1 |
HTTP Method |
GET |
All |
|
EspEnabled |
1 |
Enable ESP |
Enabled |
ESP Enabled |
|
ESPLogs |
7 |
ESP Logging |
User Access, Security and Connection (Enabled) |
ESP Enabled |
|
InputAuthMode |
0 |
Client Authentication Mode |
Delegate to Server |
ESP Enabled |
|
AllowedDirectories |
%2Fews%2A |
Allowed Virtual Directories |
/ews* |
ESP Enabled |
|
MAPI |
||||
|
port |
443 |
Port |
443 |
All |
|
prot |
tcp |
Protocol |
tcp |
All |
|
Nickname |
MAPI |
SubVS Name |
MAPI |
All |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
All |
|
Persist |
none |
Persistence Mode |
None |
All |
|
Schedule |
lc |
Scheduling Method |
least connection |
All |
|
Idletime |
0 |
Idle Connection Timeout |
Empty |
All |
|
CheckPort |
80 |
Checked Port |
80 |
All |
|
CheckType |
http |
Real Server Check Method |
HTTP Protocol |
All |
|
CheckUrl |
%2Fmapi%2Fhealthcheck.htm |
URL |
/mapi/healthcheck.htm |
All |
|
CheckUse1.1 |
0 |
Use HTTP/1.1 |
Disabled |
All |
|
CheckUseGet |
1 |
HTTP Method |
GET |
All |
|
EspEnabled |
1 |
Enable ESP |
Enabled |
ESP Enabled |
|
ESPLogs |
7 |
ESP Logging |
User Access, Security and Connection (Enabled) |
ESP Enabled |
|
InputAuthMode |
0 |
Client Authentication Mode |
Delegate to Server |
ESP Enabled |
|
AllowedDirectories |
%2Fmapi%2A |
Allowed Virtual Directories |
/mapi* |
ESP Enabled |
|
OAB |
||||
|
port |
443 |
Port |
443 |
All |
|
prot |
tcp |
Protocol |
tcp |
All |
|
Nickname |
OAB |
SubVS Name |
OAB |
All |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
All |
|
Persist |
none |
Persistence Mode |
None |
All |
|
Schedule |
lc |
Scheduling Method |
least connection |
All |
|
Idletime |
0 |
Idle Connection Timeout |
Empty |
All |
|
CheckPort |
80 |
Checked Port |
80 |
All |
|
CheckType |
http |
Real Server Check Method |
HTTP Protocol |
All |
|
CheckUrl |
%2Foab%2Fhealthcheck.htm |
URL |
/oab/healthcheck.htm |
All |
|
CheckUse1.1 |
0 |
Use HTTP/1.1 |
Disabled |
All |
|
CheckUseGet |
1 |
HTTP Method |
GET |
All |
|
EspEnabled |
1 |
Enable ESP |
Enabled |
ESP Enabled |
|
ESPLogs |
7 |
ESP Logging |
User Access, Security and Connection (Enabled) |
ESP Enabled |
|
InputAuthMode |
0 |
Client Authentication Mode |
Delegate to Server |
ESP Enabled |
|
AllowedDirectories |
%2Foab%2A |
Allowed Virtual Directories |
/oab* |
ESP Enabled |
|
OWA |
||||
|
port |
443 |
Port |
443 |
All |
|
prot |
tcp |
Protocol |
tcp |
All |
|
Nickname |
OWA |
SubVS Name |
OWA |
All |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
All |
|
Persist |
none |
Persistence Mode |
None |
All |
|
Schedule |
lc |
Scheduling Method |
least connection |
All |
|
Idletime |
0 |
Idle Connection Timeout |
Empty |
All |
|
Interceptmode |
2 |
OWASP Core Rule Set WAF |
Enabled |
WAF enabled |
|
CheckPort |
80 |
Checked Port |
80 |
All |
|
CheckType |
http |
Real Server Check Method |
HTTP Protocol |
All |
|
CheckUrl |
%2Fowa%2Fhealthcheck.htm |
URL |
/owa/healthcheck.htm |
All |
|
CheckUse1.1 |
0 |
Use HTTP/1.1 |
Disabled |
All |
|
CheckUseGet |
1 |
HTTP Method |
GET |
All |
|
EspEnabled |
1 |
Enable ESP |
Enabled |
ESP Enabled |
|
ESPLogs |
7 |
ESP Logging |
User Access, Security and Connection (Enabled) |
ESP Enabled |
|
InputAuthMode |
2 |
Client Authentication Mode |
Form Based |
ESP Enabled |
|
AllowedDirectories |
%2Fowa%2A |
Allowed Virtual Directories |
/owa* |
ESP Enabled |
|
ExcludedDirectories |
%2Fowa%2Fguid%40smtpdomain%2AExchange%20credentials |
Pre-Authorization Excluded Directories |
/owa/guid@smtpdomain* |
ESP Enabled |
|
SingleSignOnMessage |
Please%20enter%20your%20 |
SSO Greeting Message |
Please enter your Exchange credentials |
ESP Enabled |
|
Logoff |
%2Fowa%2Flogoff.owa |
Logoff String |
/owa/logoff.owa |
ESP Enabled |
|
PowerShell |
||||
|
port |
443 |
Port |
443 |
All |
|
prot |
tcp |
Protocol |
tcp |
All |
|
Nickname |
PowerShell |
SubVS Name |
PowerShell |
All |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
All |
|
Persist |
none |
Persistence Mode |
None |
All |
|
Schedule |
lc |
Scheduling Method |
least connection |
All |
|
Idletime |
0 |
Idle Connection Timeout |
Empty |
All |
|
CheckPort |
80 |
Checked Port |
80 |
All |
|
CheckType |
http |
Real Server Check Method |
HTTP Protocol |
All |
|
CheckUrl |
%2Fpowershell%2Fhealthcheck.htm |
URL |
/powershell/healthcheck.htm |
All |
|
CheckUse1.1 |
0 |
Use HTTP/1.1 |
Disabled |
All |
|
CheckUseGet |
1 |
HTTP Method |
GET |
All |
|
EspEnabled |
1 |
Enable ESP |
Enabled |
ESP Enabled |
|
ESPLogs |
7 |
ESP Logging |
User Access, Security and Connection (Enabled) |
ESP Enabled |
|
InputAuthMode |
0 |
Client Authentication Mode |
Delegate to Server |
ESP Enabled |
|
AllowedDirectories |
%2Fpowershell%2A |
Allowed Virtual Directories |
/powershell* |
ESP Enabled |
|
RPC |
||||
|
port |
443 |
Port |
443 |
All |
|
prot |
tcp |
Protocol |
tcp |
All |
|
Nickname |
RPC |
SubVS Name |
RPC |
All |
|
SubnetOriginating |
1 |
Subnet Originating Requests |
Enabled |
All |
|
Persist |
none |
Persistence Mode |
None |
All |
|
Schedule |
lc |
Scheduling Method |
least connection |
All |
|
Idletime |
0 |
Idle Connection Timeout |
Empty |
All |
|
CheckPort |
80 |
Checked Port |
80 |
All |
|
CheckType |
http |
Real Server Check Method |
HTTP Protocol |
All |
|
CheckUrl |
%2Frpc%2Fhealthcheck.htm |
URL |
/rpc/healthcheck.htm |
All |
|
CheckUse1.1 |
0 |
Use HTTP/1.1 |
Disabled |
All |
|
CheckUseGet |
1 |
HTTP Method |
GET |
All |
|
EspEnabled |
1 |
Enable ESP |
Enabled |
ESP Enabled |
|
ESPLogs |
7 |
ESP Logging |
User Access, Security and Connection (Enabled) |
ESP Enabled |
|
InputAuthMode |
0 |
Client Authentication Mode |
Delegate to Server |
ESP Enabled |
|
AllowedDirectories |
%2Frpc%2A |
Allowed Virtual Directories |
/rpc* |
ESP Enabled |