Re: Blackberry

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Ted (anonymous_at_discussions.microsoft.com)
Date: 10/14/04 

Date: Thu, 14 Oct 2004 14:25:10 -0700

I was able to get this to work by creating a protocol
rule that allowed port 3101 TCP outbound in ISA. Did not
have to do this both ways. I did define a client set, so
that only the BES is allowed out that port. Pretty much
followed the BES install guide - only difference is you
have the Watchguard, a second firewall in the mix. But I
would definitely look at setting this rule up on the ISA
as well.

After that, can you look at the Watchguard monitor, to
see if maybe it is getting stopped there? You should be
able to see this activity right away, when you try the
test.

>-----Original Message-----
>I don't have step by step but you may need to open up
that port in
>ISA. Look at some existing packet filters to confirm. Do
you have the
>firewall client loaded on the BES? If not you may need
to set it up as
>a secure nat client.
http://www.sbslinks.com/MACINTEGRATION.HTM
>
>Skc <Skc@discussions.microsoft.com> wrote:
>
>>Hi,
>>
>>I am in the process of setting up Blackberry Enterprise
Server. We have an
>>SBS 2000 box with 2 NICs - the WAN NIC is connected to
a Watchguard SOHO 6
>>firewall and this is then connected to our router.
>>
>>I have been following the deployment guide, setup the
BesAdmin account in
>>Exchage. I then planned to install BES onto a machine
that ran Windows 2003
>>Server Std without Outlook client installed (as per the
book suggested). On
>>the 5th page of the install wizard, named 'Blackberry
Server Communication
>>Information' I enter the servername, SRP host as
192.168.16.2 (SBS's IP
>>address as it is the proxy) and the SRP as port 3101.
>>
>>Now, on the Watchguard I opened up an outbound port TCP
3101 allowed by
>>192.168.16.2 and this throws back 'Test failed with
error code (10061).'
>>Looking at the Blackberry KB, it suggests that an
outbound connection cannot
>>be made. It requires that the outbound port 3101
should be configured as
>>'Bi-directional' (?what does this mean?) and I am
deperately trying to get
>>this working but I am stuck! This is when I hit
the 'Test Network
>>Connection' button.
>>
>>Do I need to setup something in ISA Server Filters? We
use GFI MSEC, DSEC
>>and I have granted srp.eu.blackberry to be excluded
from the GFI filter in
>>ISA.
>>
>>Please can someone help me as this is really bugging
me. Furthermore, help
>>on creating a custom outbound rule for port 3101 would
be helpful on a
>>Watchguard firewall SOHO6. I am sure I have done it
correct, but I need a
>>second opinion.
>>
>>Thanks,
>>
>>skc
>
>Jim B. SBS Community Member
>remove the mvp to send email
>.
>

Quantcast