waf with exchange 2016 dag and outlook anywhere


i'm using web application firewall with DAG balancing of multiple exchange server

i wanted to know the correct settings to work with exchange 2016 outlook anywhere

should i use ssl offload?

what auth should i use ? negotiate/ntlm/basic?


thank you

  • Hi,

    I would advise you add all of the exchange servers to a DAG, There after configure a DAG IP as a WAF address. Exchange servers will load balance using the DAG and the firewall will forward all the request to one IP. 



  • In reply to Kelvin Mjema:

    Hi, if i'm right the DAG-IP is only hold by the current active Member from DAG group at a time - so no load balancing is done and all traffic only goes to the current active server. - Or i'm missing something? DAG is not load balancing in my eyes. Correct me if i'm wrong.