Re: activesync and exchange http

hmmm my PIX has many timeout options. none of them http. Does anyone know if
any of these options affect http requests? Next to them I'll list my current
settings.

connection -- 1 hr
H.225 -- 1 hr
H.323 -- 5 min
SIP -- 30 min
SIP Media -- 2 min
MGCP -- 5 min
SIP Media -- 2 min
SIP Disconnect -- 2 min
Authorization absolute -- 5 min
Authorization inactivity -- no timeout enabled
Half-closed -- 10 min
UDP -- 2 min
RPC -- 10 min
Translation Slot -- 5 min
SIP Invite -- 3 min

I know what some of these do already but I wanted to go ahead and put the
full list of PIX timout options in case anyone has any advice.




"Lanwench [MVP - Exchange]" wrote:

duke <duke@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
We have many employees out in the field that either use our push
services on their phones or get their email in outlook through http.
Lately our performance has been horribly slow in receipt to both.
Looking through logs i have several events dialy regarding a similar
report:

"The average of the most recent [200] heartbeat intervals used by
clients is less than or equal to [540]. Make sure that your firewall
configuration is set to work correctly with Exchange ActiveSync and
direct push technology. Specifically, make sure that your firewall is
configured so that requests to Exchange ActiveSync do not expire
before they have the opportunity to be processed. For more
information about how to configure firewall settings when using
Exchange ActiveSync, see Microsoft Knowledge Base article 905013,
"Enterprise Firewall Configuration for Exchange ActiveSync Direct
Push Technology"
(http://go.microsoft.com/fwlink/?linkid=3052&kbid=905013).

Our network is set up with a single (hardware) firewall on the out
with network and SBS behind. The SBS only has one NIC so i do not
have ISA running, and the referenced article at microsoft is about
adjusting the ISA firewall. So does the warning apply?

Yes.

"We recommend that you increase the firewall time-out values for HTTP(S)
requests to the Exchange Server Microsoft-Server-ActiveSync virtual
directory to provide a richer, "always-up-to-date" experience. The method
that you use to increase the firewall time-out values depends on which
firewall product you use. Refer to the firewall documentation for
information on about how to increase the firewall time-out values."

Do i need to
make adjustments in our cisco firewall for Push Mail?

Yes, you should. It's easy enough.




.

Relevant Pages

  • Re: activesync and exchange http
    ... SIP Media -- 2 min ... your firewall is configured so that requests to Exchange ActiveSync ...
    (microsoft.public.windows.server.sbs)
  • Re: Network Firewall/Routing Solution
    ... Cisco router w/ Firewall IOS, ... > not working properly at all with multiple network cards. ... > I will need to deal with inbound web and ftp requests from the ... > non-pasv connections. ...
    (comp.security.firewalls)
  • Re: IDS and SSL
    ... invalid requests not just detection. ... In English: attacks against ... The web application firewall ... Quite frankly I wouldn’t put a web server of any worth ...
    (Vuln-Dev)
  • Re: Network Firewall/Routing Solution
    ... >> firewall combo boxes that linksys sells, and I really don't want to run ... >> not working properly at all with multiple network cards. ... >> like Unicode and header information for http requests, ... >> non-pasv connections. ...
    (comp.security.firewalls)
  • [fw-wiz] secure firewall rule management program
    ... Anyone have suggestions for a good, secure webified firewall rule ... The system should allow users to submit rule requests, ... be available to approvers and implementers. ... an individual, it belongs to "accounting". ...
    (Firewall-Wizards)