This page will guide you through the steps of publishing Microsoft Exchange web services on Pfsense's last version 2.1.5.
If you don't have Pfsense already installed, you can check out my guide on how to install Pfsense and prepare it on your environment.
Before starting you must know that if you're going to use the same Public IP (WAN) for Pfsense for Exchange Web service then you must set Pfsense to use a non-standard HTTP/HTTPS port.
First thing, we will have to install Squid3 plugin to Pfsense
I will click on the Plus sign + next to the Squid3 package to install it.
Now we will have to export the Certificate from our Exchange and import it to the Certificate store in Pfsense.
Now I'll click on the + on the CAs to import the Certification Authority root certificate
I opened the CA certificate in Notepad++ and copied it all then give it a name and clicked on Save
After clicking on Save here is what I got.
Now I will add the Exchange's personal certificate and Key and use Digicert's tool to export the key as in the following screenshot
Now I'll go back to Pfsense's portal to the Certificate section to add the Exchange's certificate, I will go to Certificates tab and click on the + sign to add the cert.
I added the Cert's code data and the cert's Key as well, and after I clicked on Save here's what it looks like.
Now I will go on the reverse proxy tab and configure it for Exchange. First thing I should do is Enable HTTP and HTTPS ports and choose the certificate for Exchange.
NOTE: placing the standard ports e.g. (80, 443) for http and https might work in earlier versions of Pfsense like 1.5 and 2.0 but not 2.1 and 2.2, in order for the reverse proxy to work on the new versions you'll have to use the port field empty if you decide to use the standard ports.
Here I have enabled all the ports and choose the right certificate, I will also import the Intermediate certificate in case it was needed.
I will go back to the Exchange Server where I have all the certificates and export the Intermediate Certificate
In order to know the intermediate Certificate, I will go to the MMC and click on the personal certificate and check it's path.
I will double click on the certificate and check its certification path
Opening the Intermediate certificate store.
I will use MMC Wizard to export the Certificate with Base 64 Encoded option.
I will enable OWA and fill the information related to it as following.
Next I will go to the firewall (NAT) part to configure the required ports and IPS. Click on Firewall tab and NAT
I will only need to configure the port 25 and 443 since I have a certificate already and want to use HTTPS instead of http.
Here ıs what my firewall looks like right now.
Note: On Exchange server the default gateway should be the LAN IP of the Pfsense or at least there should be a persistent route to the local IP of Pfsense.
I will save this rule and check if I can browse to OWA from my browser, note that I am connecting remotely and I have Exchange server hosted on hyper V from a different place.
Now I will check if I can send e-mail back and forth to Gmail and Exchange. starting by sending an e-mail from Exchange. I can get an e-mail to Gmail.
Now I am replying the e-mail from Gmail to Exchange.
Everything seems to be working as expected...
Now it's time to make sure that ActiveSync is working properly as well. I will first of all test active sync with Remote Connectivity Analyzer www.testexchangeconnectivity.com or https://testconnectivity.microsoft.com
I will have to go to Exchange Server tab and select "Exchange ActiveSync" option for testing and click continue down right the window
Then here I will enter my credentials as you can see below
Test will take about 15-30 seconds to finish
Then here it will show the expected result.
detailed result of the test
I have also tested it on my iPhone and it worked without any issue as well.
Hope this would be useful for anyone.