Next Generation Firewall (NGFW)


Fortigate Firewall with MAPI

  • 1.  Fortigate Firewall with MAPI

    Posted 3 days ago
    Edited by Erik Devine 3 days ago
    Anyone have ways of protecting from attacks when the attacker is using MAPI to connect to Exchange? We are finding that hackers with a password obtained via some means (phishing, or others) are able to get into the Exchange server without needing 2FA and are able to send emails from employees.

    What we have done so far:

    Added a specific IPS to the firewall rule that allows HTTPS from the public IP address
    Added the AV profile that includes MAPI
    Added DNS filter that doesn't seem to be doing much
    Blocked all foreign countries using the GEO location address objects
    We are looking at Certificate for content inspection but not sure what that will buy us.
    We have 2FA for Exchange, but it's only for OWA, and not MAPI connections with a 3rd party 2FA solution.

    We are also looking at FortiWAF, as we have one for our patient portal, and now we are going to look at protecting our Exchange.


    Erik J. Devine
    Chief Information Security & Technology Officer
    Riverside Healthcare

  • 2.  RE: Fortigate Firewall with MAPI

    Posted 2 days ago
    Not sure there's a good way and that's the reason Microsoft is pushing to disable basic authentication in Exchange Online.  You can also disable basic authentication for on-premise Exchange but it requires using hybrid modern authentication:  

    You can also block external MAPI connections and force remote users to connect via VPN or drive users towards using OWA when working remotely since you have 2FA setup there.
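
    One way to see which accounts are being used over MAPI from outside the network before blocking it (an added example, not part of the original posts): the script below parses IIS W3C logs from the Exchange server and lists accounts with successful `/mapi/` requests from non-internal addresses. The sample log, the internal ranges and the function names are constructed for illustration; if a load balancer or proxy fronts Exchange, `c-ip` holds its address rather than the client's.

```python
import ipaddress
from collections import defaultdict

# Assumption: networks treated as internal (add the VPN pool here).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample in IIS W3C extended format (documentation IPs, made-up users).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2024-01-10 08:01:02 POST /mapi/emsmdb/ CORP\\alice 10.1.2.3 200
2024-01-10 08:03:10 POST /mapi/emsmdb/ CORP\\bob 203.0.113.7 200
2024-01-10 08:03:11 POST /mapi/nspi/ CORP\\bob 198.51.100.9 200
2024-01-10 08:04:00 POST /mapi/emsmdb/ - 203.0.113.50 401
2024-01-10 08:05:00 GET /owa/ CORP\\carol 203.0.113.8 200
"""

def is_external(ip_text):
    ip = ipaddress.ip_address(ip_text)
    return not any(ip in net for net in INTERNAL_NETS)

def external_mapi_logons(log_text):
    """Return {username: set of external client IPs} for authenticated /mapi/ requests."""
    fields, hits = [], defaultdict(set)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if not row.get("cs-uri-stem", "").lower().startswith("/mapi/"):
            continue  # only MAPI over HTTP; OWA and other paths are ignored
        user, status = row.get("cs-username", "-"), row.get("sc-status", "")
        # Successful authenticated requests only: "-" means no logged user.
        if user == "-" or not status.startswith("2"):
            continue
        try:
            if is_external(row["c-ip"]):
                hits[user.lower()].add(row["c-ip"])
        except (KeyError, ValueError):
            continue  # missing or malformed client address
    return dict(hits)

if __name__ == "__main__":
    for user, ips in sorted(external_mapi_logons(SAMPLE_LOG).items()):
        print(f"{user}: {len(ips)} external source(s): {', '.join(sorted(ips))}")
```

    Accounts that show up here with several unrelated source addresses are the ones to review first, and the full list shows who would be affected by forcing remote users onto VPN or OWA.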