Real quick one this. I've always used a customised https service to handle Exchange ActiveSync sessions, with a longer TCP timeout, but have now noticed in v8.3.1 there is a specific 'ActiveSync' application.
Is it a no-brainer to use it instead of my custom one?
I took a look and found that the ActiveSync Application was added a few years back. I have not heard of any issues using it. It sounds like it is exactly what you want.
1) Create a rule specifically for you, with the ActiveSync Application. This will allow you to test without interrupting anybody else in case of problems.
2) Check out the audit when you use this Application. The Firewall might already be identifying the Application as ActiveSync, and allowing it through your https rule. Then I would say that there really should be no problem using the Application in a rule.
Thanks for the pointers Matt.
I neglected to mention, the setup involves TMG2010 doing the actual reverse proxying behind the edge McAfee firewall. Also, I'm not doing SSL Decryption at the MFE, as in previous versions of MFE there was no benefit. I think it's still worth me changing to the ActiveSync application for neatness, but any idea what the application offers in the way of protection? Should I combine it with switching to using SSL Decryption and Re-Encryption to the TMG2010 servers?
Since we don't have much for protocol enforcement of ActiveSync, I don't know if decryption/re-encryption is of much benefit. Usage of the Application would allow you to be a little more granular, as your current custom https application would not only allow ActiveSync, but also any other https-based application.
Hope this helps,