
ASM Geolocation to block Exchange 2016 with APM

Hello,

I have Exchange 2016 with LTM and APM (using iApps), all working fine with APM and LTM. Now I enabled ASM with the main goal of using the Geolocation protection, but it is not blocking or doing anything. I do have XFF enabled and I can see the correct source IP in the sessions, but ASM is not blocking it. Any idea?


Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi,

You have to check "Trust XFF Header" (Trusting X-Forwarded-For headers in the BIG-IP ASM system):

Security ›› Application Security : Policy : Policy Properties, then check "Trust XFF Header".

Here is an article about this functionality:

https://support.f5.com/csp/article/K12264

You can also set your Geoloc restriction in APM: K79414542: Configuring geolocation enforcement

https://support.f5.com/csp/article/K79414542

regards

Comments on this Answer
Comment made 1 month ago by Fred Davila 1

Thanks, but unfortunately this didn't work, and according to F5 the only way to have this work with Exchange was creating 2 virtual servers: one for ASM only, which then forwards the traffic to the LTM/APM virtual server of Exchange. With that, the ASM Geolocation was working fine.

The flow is like this: Internet IP Virtual Server with ASM Policy -> forward traffic to the local Virtual Server that has the APM and LTM settings for Exchange

I tried the XFF functionality but it didn't work.

Regards
