It probably brought you back to a default configuration that doesn't include the port forwards (80/443) that you setup last time.
Your internal certificate issue with OWA is pretty straightforward once you understand how a SSL cert works.
Prior to your firewall, you were accessing OWA from inside the office as if you were actually inside.
Let's say the DNS name and IP scheme goes like this:
Internal: 172.16.3.100 exchange01.company.com (or perhaps exchange01.company.local)
External: 64.65.66.67 mail.company.com
Pre firewall, they were hitting mail.company.com/owa but it was actually getting routed out to your ISP, and then back in as if the connection were from an external source, so you didn't have cert issues inside or outside of the office. Enter your firewall. Not familiar with the PFsense, but a most firewalls (my experience is with Cisco PIX & ASA's) will not allow a connection from the inside to come back in the same interface - just won't work. So hitting mail.company.com (or it's external IP address) becomes unpossible from behind the firewall. Your workaround is to hit exchange01.company.com/owa, but you'll now get a SSL error as the certificate loaded onto the server says that the hostname is supposed to be mail.company.com, but you are accessing it with exchange01.company.com. Just hit continue & move on.
Hope that makes sense. Tried to keep it as basic as possible. There is a way around this, but it's a little more complex. LMK if you'd like details.
To fix:
For starters, make sure you can still access internally to confirm that the server is working properly. If so, just pop in some new port forwarding rules and then test from outside.
http://doc.pfsense.org/index.php/How...ith_pfSense%3F
Code:
1.Go to the Firewall menu, select NAT, then click on the Port Forward tab.
2.Click on the + icon at the top or bottom of the screen.
3.Choose the Interface for the port forward (likely WAN) and if needed, pick a virtual IP address from the External Address drop-down.
4.Enter your forwarded port in the External Port range box(es)
5.Enter the internal IP address you'd like to send that port to in the NAT IP box.
6.Fill in a local port if it differs from the external port.
7.Check the Auto-add a firewall rule checkbox
8.Click Save which will return you to the Port Forward NAT screen, showing you all the NAT entries.
9.Finally, click Apply Changes - wait a few seconds and test.
Bookmarks