add server SVEXDETI01 172.xx.xx.33
add serviceGroup SG_Exchange-Autodiscover-SSL SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP YES -appflowLog DISABLED
add serviceGroup SG_Exchange-ECP-SSL SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP YES -appflowLog DISABLED
add serviceGroup SG_Exchange-EAS-SSL SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP YES -appflowLog DISABLED
add serviceGroup SG_Exchange-OA-SSL SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP YES -appflowLog DISABLED
add serviceGroup SG_Exchange-OAB-SSL SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP YES -appflowLog DISABLED
add serviceGroup SG_Exchange-EWS-SSL SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP YES -appflowLog DISABLED
add serviceGroup SG_Exchange-OWA-SSL SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP YES -appflowLog DISABLED
set aaa ldapParams -serverIP 172.30.23.31 -ldapBase "DC=Firma, DC=local" -ldapBindDn app.admincitrix@Firma.local -ldapBindDnPassword 9f0e33547be6262ea3ca37b864 -encrypted -ldapLoginName sAMAccountName -groupAttrName memberOf -subAttributeName cn
add ssl certKey wildcard-Firma-de -cert "/nsconfig/ssl/Wildcard-Firma-de.crt" -key "/nsconfig/ssl/PKNS_Firma_DE.key" -passcrypt iPwjU9lnd1I5QqHwgWLkFg== -expiryMonitor DISABLED
add authentication ldapAction LDAP_Firma -serverIP 172.30.23.31 -ldapBase "DC=Firma, DC=local" -ldapBindDn app.admincitrix@Firma.local -ldapBindDnPassword 9f0e33547be6262ea3ca37b864 -encrypted -ldapLoginName samAccountName -groupAttrName memberOf -subAttributeName CN
add tm formSSOAction owa_formssoaction_public -actionURL "/owa/auth.owa" -userField username -passwdField password -ssoSuccessRule "HTTP.RES.SET_COOKIE.COOKIE(\"cadata\").VALUE(\"cadata\").LENGTH.GT(70)" -nameValuePair "flags=0&trusted=0" -responsesize 10240 -submitMethod POST
add tm formSSOAction owa_formssoaction_private -actionURL "/owa/auth.owa" -userField username -passwdField password -ssoSuccessRule "HTTP.RES.SET_COOKIE.COOKIE(\"cadata\").VALUE(\"cadata\").LENGTH.GT(70)" -nameValuePair "flags=4&trusted=4" -responsesize 10240 -submitMethod POST
add tm trafficAction owa_trafficaction_public -appTimeout 1 -SSO ON -formSSOAction owa_formssoaction_public -persistentCookie OFF -InitiateLogout OFF -kcdAccount NONE
add tm trafficAction owa_trafficaction_private -appTimeout 1 -SSO ON -formSSOAction owa_formssoaction_private -persistentCookie OFF -InitiateLogout OFF -kcdAccount NONE
add tm trafficAction traffic_prof_owa_logout_global -appTimeout 1 -SSO ON -persistentCookie OFF -InitiateLogout ON -kcdAccount NONE
add authentication ldapPolicy LDAP_Firma ns_true LDAP_Firma
add tm trafficPolicy owa_policy_public "HTTP.REQ.URL.CONTAINS(\"owa/auth/logon.aspx\") && CLIENT.IP.SRC.IN_SUBNET(172.0.0.0/8).NOT" owa_trafficaction_public
add tm trafficPolicy owa_policy_private "HTTP.REQ.URL.CONTAINS(\"owa/auth/logon.aspx\") && (CLIENT.IP.SRC.IN_SUBNET(172.0.0.0/8) || HTTP.REQ.USER.IS_MEMBER_OF(\"VIP\"))" owa_trafficaction_private
add tm trafficPolicy owa_logoff_global "HTTP.REQ.URL.CONTAINS(\"/owa/logoff.owa\") " traffic_prof_owa_logout_global
add lb vserver LB-vServer-OWA1_https SSL 0.0.0.0 0 -persistenceType COOKIEINSERT -timeout 600 -cltTimeout 180 -AuthenticationHost aaa.Firma.de -Authentication ON -authnVsName AUTH-vServer-aaa-Firma-de
add lb vserver LB-vServer-OA_https SSL 0.0.0.0 0 -persistenceType NONE -cltTimeout 180 -authn401 ON -authnVsName AUTH-vServer-aaa-Firma-de -appflowLog DISABLED
add lb vserver LB-vServer-Autodiscover_https SSL 0.0.0.0 0 -persistenceType NONE -cltTimeout 180 -authn401 ON -authnVsName AUTH-vServer-aaa-Firma-de -appflowLog DISABLED
add lb vserver LB-vServer-EAS_https SSL 0.0.0.0 0 -persistenceType NONE -cltTimeout 180 -authnVsName AUTH-vServer-aaa-Firma-de -appflowLog DISABLED
add lb vserver LB-vServer-ECP_https SSL 0.0.0.0 0 -persistenceType COOKIEINSERT -timeout 600 -cltTimeout 180 -AuthenticationHost aaa.Firma.de -Authentication ON -authnVsName AUTH-vServer-aaa-Firma-de -appflowLog DISABLED
add lb vserver LB-vServer-EWS_https SSL 0.0.0.0 0 -persistenceType NONE -cltTimeout 180 -authn401 ON -authnVsName AUTH-vServer-aaa-Firma-de -appflowLog DISABLED
add lb vserver LB-vServer-OAB_https SSL 0.0.0.0 0 -persistenceType NONE -cltTimeout 180 -authn401 ON -authnVsName AUTH-vServer-aaa-Firma-de -appflowLog DISABLED
add authentication vserver AUTH-vServer-aaa-Firma-de SSL 195.145.191.123 443 -AuthenticationDomain Firma.de -appflowLog DISABLED
add cs vserver CSW-vServer-Exchange SSL 195.145.191.119 443 -cltTimeout 180
add cs policy owa-csw-pol -rule "HTTP.REQ.HEADER(\"User-Agent\").SET_TEXT_MODE(IGNORECASE).CONTAINS(\"Mozilla\")"
add cs policy oa-csw-pol -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(\"/rpc\")"
add cs policy autodiscover-csw-pol -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(\"/AutoDiscover\")"
add cs policy ecp-csw-pol -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(\"/ecp\")"
add cs policy ews-csw-pol -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(\"/ews\")"
add cs policy eas-csw-pol -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(\"/Microsoft-Server-ActiveSync\")"
add cs policy oab-csw-pol -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(\"/oab\")"
add rewrite action owa2013_insert_pback_cookie_act_1 insert_http_header COOKIE "\"PBack=0;\""
add rewrite action owa2013_insert_pback_cookie_act_2 insert_after "HTTP.REQ.HEADER(\"COOKIE\").INSTANCE(0).SUBSTR(\":\")" "\" PBack=0;\""
add rewrite policy owa2013_set_pback_cookie_pol_1 "HTTP.REQ.URL.CONTAINS(\"owa/auth/logon.aspx\") && HTTP.REQ.COOKIE.COUNT.GT(2).NOT" owa2013_insert_pback_cookie_act_1
add rewrite policy owa2013_set_pback_cookie_pol_2 "HTTP.REQ.URL.CONTAINS(\"owa/auth/logon.aspx\") && HTTP.REQ.COOKIE.COUNT.GT(2)" owa2013_insert_pback_cookie_act_2
bind rewrite global owa2013_set_pback_cookie_pol_2 135 END -type REQ_DEFAULT
bind rewrite global owa2013_set_pback_cookie_pol_1 140 END -type REQ_DEFAULT
add responder action Resp_Action_to_OWA redirect "\"/owa\""
add responder policy Resp_Pol_to_OWA "HTTP.REQ.URL.STARTSWITH(\"/owa\").NOT" Resp_Action_to_OWA
bind lb vserver LB-vServer-Autodiscover_https SG_Exchange-Autodiscover-SSL
bind lb vserver LB-vServer-ECP_https SG_Exchange-ECP-SSL
bind lb vserver LB-vServer-EAS_https SG_Exchange-EAS-SSL
bind lb vserver LB-vServer-OA_https SG_Exchange-OA-SSL
bind lb vserver LB-vServer-OAB_https SG_Exchange-OAB-SSL
bind lb vserver LB-vServer-EWS_https SG_Exchange-EWS-SSL
bind lb vserver LB-vServer-OWA1_https SG_Exchange-OWA-SSL
bind lb vserver LB-vServer-OWA1_https -policyName owa_policy_private -priority 90 -gotoPriorityExpression END -type REQUEST
bind lb vserver LB-vServer-OWA1_https -policyName owa_policy_public -priority 100 -gotoPriorityExpression END -type REQUEST
bind lb vserver LB-vServer-ECP_https -policyName owa_policy_public -priority 100 -gotoPriorityExpression END -type REQUEST
bind lb vserver LB-vServer-ECP_https -policyName owa_policy_private -priority 110 -gotoPriorityExpression END -type REQUEST
bind lb vserver LB-vServer-OWA1_https -policyName Resp_Pol_to_OWA -priority 100 -gotoPriorityExpression END -type REQUEST
bind cs vserver CSW-vServer-Exchange -policyName autodiscover-csw-pol -targetLBVserver LB-vServer-Autodiscover_https -priority 100
bind cs vserver CSW-vServer-Exchange -policyName eas-csw-pol -targetLBVserver LB-vServer-EAS_https -priority 110
bind cs vserver CSW-vServer-Exchange -policyName ews-csw-pol -targetLBVserver LB-vServer-EWS_https -priority 120
bind cs vserver CSW-vServer-Exchange -policyName oab-csw-pol -targetLBVserver LB-vServer-OAB_https -priority 130
bind cs vserver CSW-vServer-Exchange -policyName oa-csw-pol -targetLBVserver LB-vServer-OA_https -priority 140
bind cs vserver CSW-vServer-Exchange -policyName ecp-csw-pol -targetLBVserver LB-vServer-ECP_https -priority 150
bind cs vserver CSW-vServer-Exchange -policyName owa-csw-pol -targetLBVserver LB-vServer-OWA1_https -priority 160
add lb monitor Monitor-Exchange-OWA HTTP -respCode 200 -httpRequest "GET /owa/healthcheck.htm" -LRTM ENABLED -secure YES
add lb monitor Monitor-Exchange-Autodiscover HTTP -respCode 200 -httpRequest "GET /autodiscover/healthcheck.htm" -LRTM ENABLED -secure YES
add lb monitor Monitor-Exchange-ECP HTTP -respCode 200 -httpRequest "GET /ecp/healthcheck.htm" -LRTM ENABLED -secure YES
add lb monitor Monitor-Exchange-EAS HTTP -respCode 200 -httpRequest "GET /Microsoft-Server-ActiveSync/healthcheck.htm" -LRTM ENABLED -secure YES
add lb monitor Monitor-Exchange-OA HTTP -respCode 200 -httpRequest "GET /rpc/healthcheck.htm" -LRTM ENABLED -secure YES
add lb monitor Monitor-Exchange-OAB HTTP -respCode 200 -httpRequest "GET /oab/healthcheck.htm" -LRTM ENABLED -secure YES
add lb monitor Monitor-Exchange-EWS HTTP -respCode 200 -httpRequest "GET /ews/healthcheck.htm" -LRTM ENABLED -secure YES
bind serviceGroup SG_Exchange-SSL SVEXDETI01 443 -CustomServerID "\"None\""
bind serviceGroup SG_Exchange-SSL -monitorName https-ecv
bind serviceGroup SG_Exchange-Autodiscover-SSL SVEXDETI01 443 -CustomServerID "\"None\""
bind serviceGroup SG_Exchange-Autodiscover-SSL -monitorName https-ecv
bind serviceGroup SG_Exchange-ECP-SSL SVEXDETI01 443 -CustomServerID "\"None\""
bind serviceGroup SG_Exchange-ECP-SSL -monitorName https-ecv
bind serviceGroup SG_Exchange-EAS-SSL SVEXDETI01 443 -CustomServerID "\"None\""
bind serviceGroup SG_Exchange-EAS-SSL -monitorName https-ecv
bind serviceGroup SG_Exchange-OA-SSL SVEXDETI01 443 -CustomServerID "\"None\""
bind serviceGroup SG_Exchange-OA-SSL -monitorName https-ecv
bind serviceGroup SG_Exchange-OAB-SSL SVEXDETI01 443 -CustomServerID "\"None\""
bind serviceGroup SG_Exchange-OAB-SSL -monitorName https-ecv
bind serviceGroup SG_Exchange-EWS-SSL SVEXDETI01 443 -CustomServerID "\"None\""
bind serviceGroup SG_Exchange-EWS-SSL -monitorName https-ecv
bind serviceGroup SG_Exchange-OWA-SSL SVEXDETI01 443 -CustomServerID "\"None\""
bind serviceGroup SG_Exchange-OWA-SSL -monitorName https-ecv
add tm sessionAction owa-session-prof -sessTimeout 60 -defaultAuthorizationAction ALLOW -SSO ON -ssoCredential PRIMARY -ssoDomain Firma -httpOnlyCookie NO -persistentCookie ON -persistentCookieValidity 30
add tm sessionPolicy owa-session-pol ns_true owa-session-prof
bind tm global -policyName owa_logoff_global -priority 100
bind authentication vserver AUTH-vServer-aaa-Firma-de -policy LDAP_Firma -priority 100
bind authentication vserver AUTH-vServer-aaa-Firma-de -policy owa-session-pol -priority 100
bind ssl vserver LB-vServer-OWA1_https -certkeyName wildcard-Firma-de
bind ssl vserver LB-vServer-OA_https -certkeyName wildcard-Firma-de
bind ssl vserver LB-vServer-Autodiscover_https -certkeyName wildcard-Firma-de
bind ssl vserver LB-vServer-EAS_https -certkeyName wildcard-Firma-de
bind ssl vserver LB-vServer-ECP_https -certkeyName wildcard-Firma-de
bind ssl vserver LB-vServer-EWS_https -certkeyName wildcard-Firma-de
bind ssl vserver LB-vServer-OAB_https -certkeyName wildcard-Firma-de
bind ssl vserver AUTH-vServer-aaa-Firma-de -certkeyName wildcard-Firma-de
bind ssl vserver CSW-vServer-Exchange -certkeyName wildcard-Firma-de