Good day,
I am trying to publish a Microsoft Exchange server using ReverseProxy Check Point ver. – R80.40.
• Stand scheme:
• Mobile Access portal address: https://sslvpn.infopark.uno
• ReverseProxy rules:
Cannot connect from Outside_PC using Microsoft Outlook.
Do I understand correctly that when creating application Outlook_Anywhere in Reverse_Proxy, the necessary rules should be created automatically?
Yes and no.
Yes - for Mobile Portal configuration, there is nothing to add
No - you still need corresponding network security rules for the connectivity required.
Thanks for your reply. The only rule that currently exists is this rule - allow everything.
Please make sure you looked into sk110348
Yes, I know about this sk. I also know about the Mobile Access Administration Guide R80.40.
By "know" you mean, "I read through and did not find a solution"?
What is the error on the client side? Any logs/errors on Exchange server? Are you using OWA or something else? What do the HTTPS logs above say?
These guides didn't help me.
What is the error on the client side?
I'm using an "Exchange" connection type.
An error after connection attempt:
Any logs/errors on Exchange server?
I record traffic using Wireshark, which is installed on the Exchange machine, at the time of connection. I don't see any attempts to access Exchange from the IP addresses of the external workstation or the internal IP address of the Check Point.
Are you using OWA or something else?
Yes, we can try to connect to OWA through external IP address of Check Point. Connection attempt failed from the Outside_PC station.
What do the HTTPS logs above say?
These are logs at the time of connection from the workstation Outside_PC with Outlook.
It's not clear why the PC is not connecting.
What troubleshooting have you done?
Might want to start here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
I looked at debug - arrival of Reverse Proxy requests to Reverse Proxy apache. There it was seen that requests were coming to autodiscover.infopark.uno. I added autodiscover.infopark.uno and mail.infopark.uno to ReverseProxy rules.
This is what the rules look like now:
After that, it was possible to connect using Outlook from Outside_PC.
I removed all access rules from firewall and NAT:
This is a great victory. I have spent a lot of time on this task. Thank you so much for your help.
However, I think there are some difficulties.
Now I can open /owa and /ecp via https://mail.infopark.uno/owa , /ecp. This is the problem because these things have to be published through the SSL portal.
Do I understand correctly that there is no way I can deny direct access to /owa and /ecp now?
That’s correct, you don’t have any user level access control with Reverse Proxy features.
I believe your Mobile Access Portal URL on SmartConsole and the External Server Name on the Reverse Proxy rule should not be the same.
You should change the External Server Name on the Reverse Proxy rule to something different than https://sslvpn.infopark.uno (like https://extmail.infopark.uno) that should of course resolve to the same IP (Check Point's external IP).
I changed External Server Name on the Reverse Proxy rule:
nslookup from Outside_PC:
Ping from Check Point gw:
but no positive effect. I still can't see any logs with wireshark on Exchange machine.
Check Point GW logs at the time of the request:
I can go to https://mail.infopark.uno/owa , the OWA Exchange page opens,
I can go to https://mail.infopark.uno/ecp , the ECP Exchange page opens.
Reverse Proxy logs are visible at the time of connection:
But attempts to connect using Outlook are still unsuccessful.
So it is probably not your FW that is at fault.