Exchange 2016 HTTPS Offload with WAF Recommended Settings (Optional)

HTTP Redirect

port

80

Port

80

All

prot

tcp

Protocol

tcp

All

nickname

Exchange%202016%20HTTPS%20Offloaded%20with%20WAF%20HTTP%20Redirect

Service Name

Exchange 2016 HTTPS Offloaded with WAF - HTTP Redirect

All

Errorcode

302

Error Code

302 Found

All

ErrorUrl

https:%2F%2F%25h%25s

Redirect URL

https://%h%s

All

CheckType

http

Real Server Check Method

HTTP Protocol

All

Main Virtual Service

port

443

Port

443

All

prot

tcp

Protocol

tcp

All

VStype

http

Service Type

HTTP-HTTP/2-HTTPS

All

nickname

Exchange%202016%20HTTPS%20Offload%20with%20WAF

Service Name

Exchange 2016 HTTPS Offload with WAF

Create Unique Name

SSLAcceleration

1

SSL Acceleration

Enabled

All

SSLReencrypt

0

Reencrypt

Disabled

0 for Offload

1 for Reencrypt

TLSType

7

Supported Protocols

TLS1.2 and TLS1.3 (Enabled)

All

CipherSet

BestPractices

Cipher Set

BestPractices

All

Tls13CipherSet

TLS_AES_256_GCM_SHA384%20TLS_CHACHA20_POLY1305_SHA256%20TLS_AES_128_GCM_SHA256

TLS1.3 Ciphersets

TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, and TLS_AES_128_GCM_SHA256 enabled

All

Persist

none

Persistence Mode

None

All

Schedule

lc

Scheduling Method

least connection

All

Idletime

1800

Idle Connection Timeout

1800

All

SubVSs

ActiveSync

port

443

Port

443

All

prot

tcp

Protocol

tcp

All

Nickname

ActiveSync

SubVS Name

ActiveSync

All

SubnetOriginating

1

Subnet Originating Requests

Enabled

All

Persist

none

Persistence Mode

None

All

Schedule

lc

Scheduling Method

least connection

All

Idletime

0

Idle Connection Timeout

Empty

All

CheckPort

80

Checked Port

80

All

CheckType

http

Real Server Check Method

HTTP Protocol

All

CheckUrl

%2Fmicrosoft-server-activesync%2Fhealthcheck.htm

URL

/microsoft-server-activesync/healthcheck.htm

All

CheckUse1.1

0

Use HTTP/1.1

Disabled

All

CheckUseGet

1

HTTP Method

GET

All

EspEnabled

0

Enable ESP

Disabled

All

port

443

Port

443

All

prot

tcp

Protocol

tcp

All

Nickname

API

SubVS Name

API

All

SubnetOriginating

1

Subnet Originating Requests

Enabled

All

Persist

none

Persistence Mode

None

All

Schedule

lc

Scheduling Method

least connection

All

Idletime

0

Idle Connection Timeout

Empty

All

CheckPort

80

Checked Port

80

All

CheckType

http

Real Server Check Method

HTTP Protocol

All

CheckUrl

%2Fapi%2Fhealthcheck.htm

URL

/api/healthcheck.htm

All

CheckUse1.1

0

Use HTTP/1.1

Disabled

All

CheckUseGet

1

HTTP Method

GET

All

EspEnabled

0

Enable ESP

Disabled

All

Autodiscover

port

443

Port

443

All

prot

tcp

Protocol

tcp

All

Nickname

Autodiscover

SubVS Name

Autodiscover

All

SubnetOriginating

1

Subnet Originating Requests

Enabled

All

Persist

none

Persistence Mode

None

All

Schedule

lc

Scheduling Method

least connection

All

Idletime

0

Idle Connection Timeout

Empty

All

CheckPort

80

Checked Port

80

All

CheckType

http

Real Server Check Method

HTTP Protocol

All

CheckUrl

%2Fautodiscover%2Fhealthcheck.htm

URL

/autodiscover/healthcheck.htm

All

CheckUse1.1

0

Use HTTP/1.1

Disabled

All

CheckUseGet

1

HTTP Method

GET

All

EspEnabled

0

Enable ESP

Disabled

All

ECP

port

443

Port

443

All

prot

tcp

Protocol

tcp

All

Nickname

ECP

SubVS Name

ECP

All

SubnetOriginating

1

Subnet Originating Requests

Enabled

All

Persist

none

Persistence Mode

None

All

Schedule

lc

Scheduling Method

least connection

All

Idletime

0

Idle Connection Timeout

Empty

All

CheckPort

80

Checked Port

80

All

CheckType

http

Real Server Check Method

HTTP Protocol

All

CheckUrl

%2Fecp%2Fhealthcheck.htm

URL

/ecp/healthcheck.htm

All

CheckUse1.1

0

Use HTTP/1.1

Disabled

All

CheckUseGet

1

HTTP Method

GET

All

EspEnabled

0

Enable ESP

Disabled

All

EWS

port

443

Port

443

All

prot

tcp

Protocol

tcp

All

Nickname

EWS

SubVS Name

EWS

All

SubnetOriginating

1

Subnet Originating Requests

Enabled

All

Persist

none

Persistence Mode

None

All

Schedule

lc

Scheduling Method

least connection

All

Idletime

0

Idle Connection Timeout

Empty

All

CheckPort

80

Checked Port

80

All

CheckType

http

Real Server Check Method

HTTP Protocol

All

CheckUrl

%2Fews%2Fhealthcheck.htm

URL

/ews/healthcheck.htm

All

CheckUse1.1

0

Use HTTP/1.1

Disabled

All

CheckUseGet

1

HTTP Method

GET

All

EspEnabled

0

Enable ESP

Disabled

All

MAPI

port

443

Port

443

All

prot

tcp

Protocol

tcp

All

Nickname

MAPI

SubVS Name

MAPI

All

SubnetOriginating

1

Subnet Originating Requests

Enabled

All

Persist

none

Persistence Mode

None

All

Schedule

lc

Scheduling Method

least connection

All

Idletime

0

Idle Connection Timeout

Empty

All

CheckPort

80

Checked Port

80

All

CheckType

http

Real Server Check Method

HTTP Protocol

All

CheckUrl

%2Fmapi%2Fhealthcheck.htm

URL

/mapi/healthcheck.htm

All

CheckUse1.1

0

Use HTTP/1.1

Disabled

All

CheckUseGet

1

HTTP Method

GET

All

EspEnabled

0

Enable ESP

Disabled

All

OAB

port

443

Port

443

All

prot

tcp

Protocol

tcp

All

Nickname

OAB

SubVS Name

OAB

All

SubnetOriginating

1

Subnet Originating Requests

Enabled

All

Persist

none

Persistence Mode

None

All

Schedule

lc

Scheduling Method

least connection

All

Idletime

0

Idle Connection Timeout

Empty

All

CheckPort

80

Checked Port

80

All

CheckType

http

Real Server Check Method

HTTP Protocol

All

CheckUrl

%2Foab%2Fhealthcheck.htm

URL

/oab/healthcheck.htm

All

CheckUse1.1

0

Use HTTP/1.1

Disabled

All

CheckUseGet

1

HTTP Method

GET

All

EspEnabled

0

Enable ESP

Disabled

All

OWA

port

443

Port

443

All

prot

tcp

Protocol

tcp

All

Nickname

OWA

SubVS Name

OWA

All

SubnetOriginating

1

Subnet Originating Requests

Enabled

All

Persist

none

Persistence Mode

None

All

Schedule

lc

Scheduling Method

least connection

All

Idletime

0

Idle Connection Timeout

Empty

All

Interceptmode

2

OWASP Core Rule Set WAF

Enabled

CheckPort

80

Checked Port

80

All

CheckType

http

Real Server Check Method

HTTP Protocol

All

CheckUrl

%2Fowa%2Fhealthcheck.htm

URL

/owa/healthcheck.htm

All

CheckUse1.1

0

Use HTTP/1.1

Disabled

All

CheckUseGet

1

HTTP Method

GET

All

EspEnabled

0

Enable ESP

Disabled

All

PowerShell

port

443

Port

443

All

prot

tcp

Protocol

tcp

All

Nickname

PowerShell

SubVS Name

PowerShell

All

SubnetOriginating

1

Subnet Originating Requests

Enabled

All

Persist

none

Persistence Mode

None

All

Schedule

lc

Scheduling Method

least connection

All

Idletime

0

Idle Connection Timeout

Empty

All

CheckPort

80

Checked Port

80

All

CheckType

http

Real Server Check Method

HTTP Protocol

All

CheckUrl

%2Fpowershell%2Fhealthcheck.htm

URL

/powershell/health

All

CheckUse1.1

0

Use HTTP/1.1

Disabled

All

CheckUseGet

1

HTTP Method

GET

All

EspEnabled

0

Enable ESP

Disabled

All

RPC

port

443

Port

443

All

prot

tcp

Protocol

tcp

All

Nickname

RPC

SubVS Name

RPC

All

SubnetOriginating

1

Subnet Originating Requests

Enabled

All

Persist

none

Persistence Mode

None

All

Schedule

lc

Scheduling Method

least connection

All

Idletime

0

Idle Connection Timeout

Empty

All

CheckPort

80

Checked Port

80

All

CheckType

http

Real Server Check Method

HTTP Protocol

All

CheckUrl

%2Frpc%2Fhealthcheck.htm

URL

/rpc/healthcheck.htm

All

CheckUse1.1

0

Use HTTP/1.1

Disabled

All

CheckUseGet

1

HTTP Method

GET

All

EspEnabled

0

Enable ESP

Disabled

All