r/CloudFlare: Exchange Server tunnel / reverse proxy

💡
This article archives a conversation, which took place in a subreddit post (original source linked below) and to which I contributed a solution or answer (with the u/MasterofSynapse handle), in a Q&A format.

Original Reddit post: https://www.reddit.com/r/CloudFlare/comments/y87fe3/exchange_server_tunnel_reverse_proxy/

Question

Is there a way to get this to work with Outlook? It seems to work just fine for everything else OK including ActiveSync. Outlook keeps asking for credentials over and over again, and the Microsoft Remote Connectivity Analyzer reference’s an RPC error 1818. Is there a specific paid plan required for this to work?

Answer

What exactly did you set up and which Cloudflare products did you use?

Comment 1 on Answer

The free Cloudflare account using the cloudflared service to setup a tunnel. I have scheduled a call with someone in sales at Cloudflare to get more details as to the requirements to use their service as a reverse proxy for Exchange Server. The link to the blog post below talks about the advantages of the web application firewall, but doesn’t cover any of the requirements from an account or technical perspective.

https://blog.cloudflare.com/protecting-against-microsoft-exchange-server-cves/

My response to comment 1

That specific blog post talks about CF WAF (https://www.cloudflare.com/waf/), which is not a part of the Zero Trust suite.

However it is good that you are tunneling Exchange via cloudflared, because then you can protect it with Access Application rules and open CVEs wouldn't matter anymore.