Re: Exchange ports through firewall?
- From: "Bharat Suneja [MSFT]" <bharat@xxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 18 Jun 2008 09:11:21 -0700
- Registry entries can be pushed using GPOs. Take a look at:
Using Administrative Template Files with Registry-Based Group Policy
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/management/gp/admtgp.mspx
- Security does come at a cost... in this case if you want to provide clients RPC/MAPI access across a firewall, you can restrict clients and server to a narrower range of ports, or alternatively open a lot more ports on the firewall.
- Again, it's not a recommended deployment - I would consider RPC over HTTP(S)/Outlook Anywhere.
--
Bharat Suneja
Microsoft Corporation
blog: exchangepedia.com/blog
This posting is provided "AS IS" with no warranties, and confers no
rights. Please do not send email directly to this alias. This alias is for
newsgroup purposes only.
------------------------------------------
"Cyborg" <apollo13@xxxxxxxxxxxxxx> wrote in message news:313FBA31-E881-42C9-A002-CD74A0317E75@xxxxxxxxxxxxxxxx
Can this be changed for 1000's of PC's easily though?
"Bharat Suneja [MSFT]" <bharat@xxxxxxxxxxxxxxxxxxxx> wrote in message news:%23TGklQV0IHA.416@xxxxxxxxxxxxxxxxxxxxxxx- One alternative is to use Outlook Anywhere (RPC over HTTP in Exchange 2003) and restrict client connections to a single port (HTTPS).
- The following KBA and others listed in its References section have the information you're looking for about Outlook/MAPI client connectivity to Exchange:
Exchange Server static port mappings
http://support.microsoft.com/kb/270836
--
Bharat Suneja
Microsoft Corporation
blog: exchangepedia.com/blog
This posting is provided "AS IS" with no warranties, and confers no
rights. Please do not send email directly to this alias. This alias is for
newsgroup purposes only.
------------------------------------------
"Cyborg" <apollo13@xxxxxxxxxxxxxx> wrote in message news:D15A7EDA-ACD5-4AD5-81E6-B91DD58AB7C8@xxxxxxxxxxxxxxxxWell I would like that, but when you have 1000's of users and LAN users are some of the biggests threats it's a good idea. Plus Cisco firewall have IPS to stop worms/virues etc, this design was recommended my a huge IT consultantcy company.
I've left it at IP any any rule so it's as there is no firewall, but atleast the IPS is picking up the "interested" traffic.
I've managed to dall all the other server like the DC's, Fileservers etc, just Exchange is a pain.
"RobM" <roke-it@xxxxxxxxxxxxxxxx> wrote in message news:585E482A-C147-4BA5-B480-72BEEE174ABD@xxxxxxxxxxxxxxxxYou're making life very difficult for yourself (and not really achieving much
in the way of security) - Windows authentication, file access, Exchange
access will require RPC , which is not really firewall friendly. Put a good,
properly configured firewall on your perimeter, and don't complicate things
by putting them where they're not really going to do much good.
"Cyborg" wrote:
Hi,
All our servers are on their own subnet, however there will be a firewall
installed between the servers subnet and the LAN users. Can someone list
the UDP/TCP required and whether inbound or outbound to and from the LAN?
I can only think inbound from LAN to the server subnet need to be opened?
Thanks
.
- Follow-Ups:
- Re: Exchange ports through firewall?
- From: Cyborg
- Re: Exchange ports through firewall?
- References:
- Exchange ports through firewall?
- From: Cyborg
- Re: Exchange ports through firewall?
- From: Cyborg
- Re: Exchange ports through firewall?
- From: Bharat Suneja [MSFT]
- Re: Exchange ports through firewall?
- From: Cyborg
- Exchange ports through firewall?
- Prev by Date: Plain Text emails across Mailbox Stores
- Next by Date: Re: Automatically Permanently Deleting Undeliverable Messages
- Previous by thread: Re: Exchange ports through firewall?
- Next by thread: Re: Exchange ports through firewall?
- Index(es):
Relevant Pages
|
