Hi @MJ-1983,
Welcome to the Microsoft Q&A platform!
For Exchange Server Subscription Edition (SE), there are some issues to consider with load balancers and application gateways, especially when using legacy protocols such as IMAP and POP3 and handling web traffic (HTTP and HTTPS).
Load Balancer Requirements
- Make sure your load balancer supports session persistence (also known as sticky sessions) to maintain consistent connections for clients. This is critical for protocols such as IMAP and POP3 to ensure that clients remain connected to the same backend server during a session.
- Make sure your load balancer supports the necessary TLS versions. Exchange Server SE requires TLS 1.2 or higher to establish secure connections.
Application Gateway Requirements
- Application gateways, such as Azure Application Gateway, provide layer 7 load balancing and support features such as TLS termination, cookie-based session affinity, and URL path-based routing. These features can help optimize and secure web traffic to your Exchange Server SE.
- While a WAF is not strictly required, it is highly recommended to protect against common web vulnerabilities and attacks. If you are concerned about latency and performance, you can consider optimizing your WAF settings or explore alternative solutions that balance security and performance.
Recommendations
- Ensure that necessary network ports are open for communication between the load balancer, application gateway, and Exchange Server SE. This includes ports for Active Directory authentication and mail flow.
- If the WAF is causing latency, consider adjusting its rules or using a higher-performing WAF solution. Alternatively, you can selectively enable the WAF for critical endpoints while bypassing less sensitive traffic.
Please feel free to contact me for any updates. And if this helps, don't forget to mark it as an answer.
Best,
Jake Zhang
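The requirements listed in the answer above (sticky sessions for IMAP/POP3, TLS 1.2 as the minimum version, cookie-based affinity and TLS termination for web traffic) written out as one load balancer configuration. This is an added example, not configuration from the original post or from Microsoft; it assumes an HAProxy load balancer in front of two Exchange SE servers at 10.0.0.11 and 10.0.0.12 and certificate files at the paths shown, all of which are placeholders.

```haproxy
global
    # Requirement from the answer: TLS 1.2 or higher, enforced on both the
    # client-facing (bind) side and the Exchange-facing (server) side.
    ssl-default-bind-options ssl-min-ver TLSv1.2
    ssl-default-server-options ssl-min-ver TLSv1.2

defaults
    timeout connect 5s
    timeout client  10m
    timeout server  10m

# IMAPS (993): TCP passthrough with source-IP stickiness, so a client keeps
# reaching the same Exchange server for the life of its session.
# POP3S (995) uses the same pattern with its own frontend/backend pair.
frontend imaps
    mode tcp
    bind *:993
    default_backend exchange_imaps

backend exchange_imaps
    mode tcp
    balance source
    stick-table type ip size 100k expire 30m
    stick on src
    # Assumed Exchange SE server addresses (placeholders).
    server ex1 10.0.0.11:993 check
    server ex2 10.0.0.12:993 check

# HTTPS (OWA, EWS, ActiveSync, MAPI/HTTP): layer 7, TLS terminated here,
# cookie-based affinity, and re-encrypted to Exchange with the backend
# certificate verified against an assumed internal CA file.
frontend https
    mode http
    bind *:443 ssl crt /etc/haproxy/certs/mail.example.com.pem
    http-request set-header X-Forwarded-Proto https
    default_backend exchange_https

backend exchange_https
    mode http
    balance roundrobin
    cookie EXSERVER insert indirect nocache secure httponly
    option httpchk GET /owa/healthcheck.htm
    server ex1 10.0.0.11:443 check ssl verify required ca-file /etc/haproxy/certs/exchange-ca.pem cookie ex1
    server ex2 10.0.0.12:443 check ssl verify required ca-file /etc/haproxy/certs/exchange-ca.pem cookie ex2
```

Check the file with `haproxy -c -f /etc/haproxy/haproxy.cfg` before reloading, and confirm from a client that connections offering only TLS 1.0/1.1 on 443 and 993 are refused.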