Extended Protection on Exchange Server 2019


Max Coder

Feb 19, 2024, 5:41:42 AM
to ntsysadmin
Hey everyone,

My environment is:

- Recently set up 4 new Exchange 2019 CU13 servers with F5 BIG-IP internally and externally
- F5 LB SSL offloading, NOT SSL re-encrypted
- MAPI/HTTP not enabled at the organization level
- Already enabled TLS 1.2 for client and server operations, as well as .NET
- We are not using HMA (Hybrid Modern Authentication) and Public Folders


AFAIK, SSL offloading isn't supported with Extended Protection (EP) because EP needs a TLS-protected connection to work (we need it for the Channel Binding Token - CBT).

But I have some questions.

1- Have you heard of any issues with enabling EP?

2- Would there be any special considerations to keep in mind after I enable EP?

3- Any downtime for this? Considering doing this during the day.

4- Is there any known issue with archive mailboxes when using retention tags?

5- I must therefore consider the complete chain of client, outgoing proxy, incoming proxy, load balancer etc., because if you activate the "Extended Protection" function on the last server, this can disrupt the function.
We have been using Skyhigh Web Gateway (McAfee) as a proxy for clients.
Can this cause connections to Exchange services to fail?