Using Exchange 2013.  I am trying to block Outlook Anywhere from External Access. Easy enough remove the External hostname from the virtual server.  however I did this and users can still connect.  They are not going through a VPN.  The internal URL was using the same name as the external URL.  They were both using mail.company.com.

Should I change the internal URL to use the servername.company.com.  Make sure that this isn't resolvable via external DNS?  My thought is that clients are resolving the mail.company.com since it is in DNS.  This lets them hit the Palo Alto firewall and then once it gets through the Palo Alto it appears as if it is internal traffic.  Is my thinking right on this?

I need to know for sure as this isn't just an environment that I can play around with.

• Edited by Shawn MacArthur1 Monday, February 23, 2015 5:14 PM

Hi,

I support ManU Phi. You can change the name to an internal CAS server name. Then the external client must not able to resolve the internal server name.

Thanks,

Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

Hi,

Is there any update on this thread?

Thanks,

Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com