PfSense and Exchange / Dynamics CRM / ADFS
Just recently started out with pfSense as a replacement for the dying TMG platform and from what I can tell right now it looks quite promising.
Now I am at the point of getting my OWA/MAPI/RPC over HTTP and so on out through pfSense. And the 1st question is, do I really need Squid? Or can I use just reverse NAT? I heard that Squid has a plugin for OWA kinda things, but that gives me goosebumps. Does this plugin also have Forms Based Auth like TMG, or is it just doing reverse proxying with no mangling involved? Hoping for the latter of course. Same goes for CRM.
My backend services are currently configured with TLS and I want to keep it that way. Will that work as well with pfSense (or Squid plugged in) doing the bridge (terminating on pfSense and initiating TLS from there to my back ends)?
Last, can I use SNI to run Exchange/CRM and ADFS on the same public IP? I wanted to use HAProxy for that, but preferably not as a plugin, but on separate VMs. Has anyone tried this?
PS: The only functionality I am missing: TMG can match outgoing firewall rules with AD accounts, so some users can use for instance tcp/3389 and some cannot, based on AD membership. Haven't seen this in open source products till now. Am I missing something maybe? Of course, matching FW rules against AD imposes performance issues, that is why TMG is client based.