Publishing Exchange on pfSense 2.1.5

Note:
Before starting, you must know that if you’re going to use the same public IP (WAN) of pfSense for the Exchange web service, then you must set pfSense to use a non-standard HTTP/HTTPS port.
First, we will have to install the Squid 3 plugin on pfSense.

I will click on the Plus sign + next to the Squid3 package to install it.
Now we will have to export the certificate from our Exchange and import it into the certificate store in pfSense.
Now I’ll click on the + on the CAs to import the Certification Authority root certificate.
I opened the CA certificate in Notepad++ and copied it all, then gave it a name and clicked on Save.
After clicking on Save here is what I got.
Now I will add Exchange’s personal certificate and key, and use DigiCert’s tool to export the key as in the following screenshot.
Now I’ll go back to the Certificate section of the pfSense portal to add Exchange’s certificate. I will go to the Certificates tab and click on the + sign to add the cert.
I added the cert’s data and the cert’s key as well, and after I clicked on Save, here’s what it looks like.
Now I will go to the reverse proxy tab and configure it for Exchange. The first thing I should do is enable the HTTP and HTTPS ports and choose the certificate for Exchange.
Here I have enabled all the ports and chosen the right certificate. I will also import the intermediate certificate in case it is needed.
I will go back to the Exchange server where I have all the certificates and export the intermediate certificate.
To identify the intermediate certificate, I will go to the MMC, click on the personal certificate and check its path.
I will double-click on the certificate and check its certification path.
Opening the Intermediate certificate store.
I will use the MMC wizard to export the certificate with the Base-64 encoded option.
After I exported
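A pre-import check for the PEM text pasted into the CA, certificate and key fields in the steps above, catching a partial copy, a DER (not Base-64) export, or a private key pasted into a certificate field. This is an added example, not part of the original post; the field names `ca`, `cert` and `key` and the `sample_pem` input are constructed here, and it assumes the key field needs an unencrypted PEM key.

```python
import base64, binascii, re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
# PEM labels accepted per import field (field names are this example's own).
ALLOWED = {"ca": {"CERTIFICATE"}, "cert": {"CERTIFICATE"},
           "key": {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}}

def der_problem(der):
    """Return None if der is exactly one DER SEQUENCE, else a reason."""
    if len(der) < 2 or der[0] != 0x30:
        return "not a DER SEQUENCE"
    n, off = der[1], 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        count = n & 0x7F
        if count == 0 or len(der) < 2 + count:
            return "bad DER length"
        n, off = int.from_bytes(der[2:2 + count], "big"), 2 + count
    return None if off + n == len(der) else "length mismatch (truncated copy?)"

def check_field(field, text):
    """Check the text pasted into one import field; return a list of problems."""
    blocks = PEM_RE.findall(text)
    if not blocks:
        return ["no complete PEM block (DER export or partial copy?)"]
    problems = []
    if len(blocks) > 1:
        problems.append(f"{len(blocks)} PEM blocks, expected 1")
    for label, body in blocks:
        encrypted = label == "ENCRYPTED PRIVATE KEY" or "Proc-Type:" in body
        if field == "key" and encrypted:
            # Assumption: the key field needs an unencrypted key.
            problems.append("private key is passphrase-protected")
        elif label not in ALLOWED[field]:
            problems.append(f"{label} does not belong in the {field} field")
        else:
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
            except binascii.Error:
                problems.append("base64 body is damaged")
                continue
            reason = der_problem(der)
            if reason:
                problems.append(reason)
    return problems

def sample_pem(label, payload=bytes(300)):
    """Constructed stand-in for an exported file: a bare SEQUENCE, not a real cert."""
    der = b"\x30\x82" + len(payload).to_bytes(2, "big") + payload
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n"
```

The check is structural only: it does not verify signatures or confirm that the key matches the certificate.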
Now I will enable OWA and fill in the information related to it as follows.
Next I will go to the firewall (NAT) part to configure the required ports and IPs. Click on the Firewall tab and then NAT.
I will only need to configure ports 25 and 443, since I already have a certificate and want to use HTTPS instead of HTTP.
Here is what my firewall looks like right now.
Note: On Exchange server the default gateway should be the LAN IP of
I will save this rule and check if I can browse to OWA from my browser. Note that I am connecting remotely and I have the Exchange server hosted on Hyper-V in a different place.
WHOA, it works without any issues, but I’ll still sign in and make sure I can log in without any problem.
Now it’s time to make sure that ActiveSync is working properly as well. First of all, I will test ActiveSync with the Remote Connectivity Analyzer at www.testexchangeconnectivity.com or https://testconnectivity.microsoft.com
I will have to go to Exchange
Then here I will enter my credentials, as you can see below.
The test will take about 15-30 seconds to finish.
Then here it will show the expected result.
I hope this is useful to someone.
