Re: Exchange behind WatchGuard Firewall


From: Robert Lampkin [MSFT] (rlampkin_at_online.microsoft.com)
Date: 05/07/04


Date: Fri, 07 May 2004 23:57:09 GMT

If the server is in a DMZ there is definitely a firewall involved. SMTP
Proxy services usually only transmit standard SMTP and not extended SMTP
(ESMTP) which is pretty much the standard.
The articles I posted explain the verbs needed to authenticate and other
things. They mainly explain that these Proxy Services can upset
authentication which is one of our largest call generators here at
Microsoft.
Just something to keep in mind.

Robert Lampkin, MCSE: Messaging
Microsoft Exchange Support
************
Please reply directly to the thread with any updates. You may receive this
email notification before you are able to view my reply in the newsgroup.
Please do not send email directly to this alias. This alias is for
newsgroup purposes only.
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "todd" <fatheree21@NOcomcastSPAM.net>
| References: <EEF8FAC4-7271-4C86-BDA0-7CF13AA33F4E@microsoft.com>
<r6pCn$7MEHA.308@cpmsftngxa10.phx.gbl>
| Subject: Re: Exchange behind WatchGuard Firewall
| Date: Fri, 7 May 2004 00:22:54 -0500
| Lines: 78
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1409
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
| Message-ID: <udyxaN$MEHA.3348@TK2MSFTNGP09.phx.gbl>
| Newsgroups: microsoft.public.exchange2000.connectivity
| NNTP-Posting-Host: c-24-14-232-102.client.comcast.net 24.14.232.102
| Path:
cpmsftngxa10.phx.gbl!TK2MSFTNGXA06.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSFTNGP08
phx.gbl!TK2MSFTNGP09.phx.gbl
| Xref: cpmsftngxa10.phx.gbl
microsoft.public.exchange2000.connectivity:17672
| X-Tomcat-NG: microsoft.public.exchange2000.connectivity
|
| I don't believe either of those articles address the poster's problem. The
| first article deals with sending SMTP out through the firewall. The second
| deals with sending and receiving email through a PIX. The poster is talking
| about accessing an Exchange server sitting in a DMZ from a workstation on
| the LAN with Outlook. I don't believe SMTP will really be involved. IMHO,
| you definitely don't want to be removing the SMTP Proxy service on the
| Watchguard (especially for incoming mail). Doing so forfeits the ability of
| the firewall to filter attachments on the basis of their extension, filter
| emails with spoofed From: headers, etc. Of course this can be filtered
| later downstream by other products, but I'm into layers of security. For
| further reference, it *is* a good idea on the Watchguard Firebox to _not_
| send outgoing SMTP traffic through a SMTP-Proxy service, but to use an
| SMTP-Filter service instead. The SMTP-Filter service has no application
| layer functionality, so it won't mess with outgoing mail.
|
| Todd
|
| "Robert Lampkin [MSFT]" <rlampkin@online.microsoft.com> wrote in message
| news:r6pCn$7MEHA.308@cpmsftngxa10.phx.gbl...
| > Watchguard firewalls usually come with a SMTP Proxy service running on them.
| > This can filter out the verbs needed for remote users to authenticate.
| > Contact Watchguard and have them remove ANY SMTP Proxy that may be running
| > on this firewall. Look at
| > http://support.microsoft.com/support/kb/articles/q305/0/07.asp and
| > http://support.microsoft.com/support/kb/articles/q320/0/27.asp
| >
| >
| > Robert Lampkin, MCSE: Messaging
| > Microsoft Exchange Support
| > ************
| > Please reply directly to the thread with any updates. You may receive this
| > email notification before you are able to view my reply in the newsgroup.
| > Please do not send email directly to this alias. This alias is for
| > newsgroup purposes only.
| > This posting is provided "AS IS" with no warranties, and confers no rights.
| > --------------------
| > | Thread-Topic: Exchange behind WatchGuard Firewall
| > | thread-index: AcQyQgXHUJjdXOirRhSKU69Va0zgQQ==
| > | X-WN-Post: microsoft.public.exchange2000.connectivity
| > | From: =?Utf-8?B?WW9ua2V5?= <anonymous@discussions.microsoft.com>
| > | Subject: Exchange behind WatchGuard Firewall
| > | Date: Tue, 4 May 2004 18:41:02 -0700
| > | Lines: 3
| > | Message-ID: <EEF8FAC4-7271-4C86-BDA0-7CF13AA33F4E@microsoft.com>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 7bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| > | Newsgroups: microsoft.public.exchange2000.connectivity
| > | Path: cpmsftngxa10.phx.gbl
| > | Xref: cpmsftngxa10.phx.gbl
| > microsoft.public.exchange2000.connectivity:17642
| > | NNTP-Posting-Host: tk2msftcmty1.phx.gbl 10.40.1.180
| > | X-Tomcat-NG: microsoft.public.exchange2000.connectivity
| > |
| > | Hi,
| > |
| > | Anyone here using WatchGuard Firewall and having Exchange server protected
| > | by this firewall? I have a problem with the client authentication passing
| > | this firewall. Most of the ports that need to be open to make the
| > | connection from client on the private network accessing the Exchange in
| > | DMZ are opened. But things just can't fully work. When I'm configuring the
| > | Outlook XP client, I can successfully check the names and it looks like I'm
| > | able to use the Exchange server, but when I try to open "User - Mailbox"
| > | the folder just can't be opened. I'm wondering if anyone out there can
| > | give a suggestion. Thanks
| > |
| >
|
|
|
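
The effect described in the reply above, an SMTP proxy passing plain SMTP while dropping ESMTP verbs such as AUTH, can be checked by comparing the EHLO reply taken directly from the mail server with the one seen through the firewall. This is an added example, not part of the thread; the replies, host name and function names below are constructed for illustration.

```python
import re

# Constructed EHLO replies (documentation host/IP, not captured traffic).
DIRECT = """250-mail.example.test Hello [192.0.2.10]
250-SIZE 10485760
250-PIPELINING
250-8BITMIME
250-STARTTLS
250-AUTH GSSAPI NTLM LOGIN
250 AUTH=LOGIN"""

VIA_PROXY = """250-mail.example.test Hello [192.0.2.10]
250-SIZE 10485760
250 8BITMIME"""

# A proxy that only speaks plain SMTP may refuse EHLO outright.
EHLO_REFUSED = "500 5.5.1 Command unrecognized"


def parse_ehlo(reply):
    """Return {KEYWORD: set(params)} for a 250 EHLO reply, or None if refused."""
    lines = [l.strip() for l in reply.splitlines() if l.strip()]
    if not lines or not re.match(r"250[- ]", lines[0]):
        return None
    ext = {}
    for line in lines[1:]:  # first line is only the greeting
        m = re.match(r"250[- ](.+)", line)
        # "AUTH=LOGIN" is the legacy spelling of "AUTH LOGIN"
        words = m.group(1).replace("=", " ").upper().split() if m else []
        if words:
            ext.setdefault(words[0], set()).update(words[1:])
    return ext


def stripped_by_proxy(direct_reply, proxied_reply):
    """Report which ESMTP verbs and AUTH mechanisms vanish behind the proxy."""
    direct = parse_ehlo(direct_reply)
    if direct is None:
        raise ValueError("baseline is not a successful EHLO reply")
    proxied = parse_ehlo(proxied_reply)
    seen = proxied or {}
    return {
        "ehlo_refused": proxied is None,
        "missing": sorted(k for k in direct if k not in seen),
        "auth_lost": sorted(direct.get("AUTH", set()) - seen.get("AUTH", set())),
    }


if __name__ == "__main__":
    print(stripped_by_proxy(DIRECT, VIA_PROXY))
    print(stripped_by_proxy(DIRECT, EHLO_REFUSED))
```

A non-empty `auth_lost` for a path that clients must authenticate over points at the proxy rather than at the mail server.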


