pfSense is a FreeBSD-based firewall which you can find here.
I wanted to publish Exchange through pfSense. I installed the Squid plugin which includes specific reverse proxy support for Exchange.
If you search for help with publishing Exchange on pfSense you will find this document by Mohammed Hamada.
Unfortunately the steps given seem to be incorrect in some places, certainly for my version which is 2.3.2.
Here’s what I had to do to get it working:
1. A simple one not mentioned in his steps: you have to enable the Squid Proxy Server, otherwise Squid will not run.
2. Hamada sets a NAT rule to forward HTTPS traffic to his Exchange server:
If you do this, it will bypass your reverse proxy. What you should do instead is to create a Firewall rule to accept HTTPS:
You should also verify that the pfSense web GUI is not using the same port (443), in System/Advanced/Admin Access. If it is set to HTTP rather than HTTPS, that is OK too. Normally access to the web GUI from the WAN is blocked. One other thing: in order to use port 443 in Squid Reverse Proxy General Settings, I set net.inet.ip.portrange.reservedhigh to 0 in System/Advanced/System Tunables.
3. I did this, as well as setting up Exchange in Squid Reverse Proxy General Settings, whereupon OWA worked but remote Outlook and mobile clients did not, or at least not reliably. The main problem was this setting in Squid Reverse Proxy / General:
This must be set to Intermediate rather than Modern (the default).
Now it works – though if pfSense experts out there have better ways to achieve the above I would be interested.
Update: one other thing to check: make sure that your pfSense box can resolve the internal hostname of your Exchange server. By default it may use external DNS servers even if you put internal DNS servers in General Setup. This is because of the setting Allow DNS server list to be overridden by DHCP/PPP on WAN.
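
The three things the post says to verify (the reservedhigh tunable, what is listening on port 443, and what the Exchange hostname resolves to) can be re-checked from the pfSense shell. This is an added example, not part of the original post; the function names, the script name, the sample sockstat lines and the assumption that the Exchange server has an RFC 1918 address are all mine.

```shell
#!/bin/sh
# Added example (not from the original post). Each check takes command output
# as an argument, so it can be tried on the constructed samples below.

# Step 2 tunable. $1 = output of: sysctl -n net.inet.ip.portrange.reservedhigh
# With 0, non-root processes may bind ports below 1024 (this applies to every process).
reservedhigh_ok() { [ "$1" = "0" ]; }

# Step 2 port clash. $1 = output of: sockstat -4 -l -p 443
# Succeeds only if squid is the sole command listening on TCP 443.
https_listener_is_squid() {
    cmds=$(printf '%s\n' "$1" | awk '$5 ~ /^tcp/ && $6 ~ /:443$/ { print $2 }' | sort -u)
    [ "$cmds" = "squid" ]
}

# DNS update. $1 = address pfSense returns for the Exchange hostname.
# Assumption: the Exchange server has an RFC 1918 (private) address.
is_internal_addr() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints one line per failed check and returns the number of failures.
check_all() {  # $1 = sysctl output, $2 = sockstat output, $3 = resolved address
    fails=0
    reservedhigh_ok "$1" || { echo "reservedhigh is $1, expected 0"; fails=$((fails + 1)); }
    https_listener_is_squid "$2" || { echo "port 443 is not held by squid alone"; fails=$((fails + 1)); }
    is_internal_addr "$3" || { echo "$3 is not an internal address"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed samples: web GUI (nginx) still on 443, then squid alone.
SAMPLE_BAD_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     nginx      811   6  tcp4   *:443                 *:*
squid    squid      1422  14 tcp4   203.0.113.10:443      *:*'
SAMPLE_GOOD_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
squid    squid      1422  14 tcp4   203.0.113.10:443      *:*'

# On the firewall (hypothetical script name): sh checks.sh live <address from Diagnostics / DNS Lookup>
if [ "${1:-}" = "live" ]; then
    check_all "$(sysctl -n net.inet.ip.portrange.reservedhigh)" "$(sockstat -4 -l -p 443)" "$2"
fi
```

An external address in the last check points at the DNS override setting described in the update above.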