Re: activesync and exchange http

duke <duke@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
hmmm my PIX has many timeout options. none of them http. Does anyone
know if any of these options affect http requests? Next to them I'll
list my current settings.

connection -- 1 hr
H.225 -- 1 hr
H.323 -- 5 min
SIP -- 30 min
SIP Media -- 2 min
MGCP -- 5 min
SIP Media -- 2 min
SIP Disconnect -- 2 min
Authorization absolute -- 5 min
Authorization inactivity -- no timeout enabled
Half-closed -- 10 min
UDP -- 2 min
RPC -- 10 min
Translation Slot -- 5 min
SIP Invite -- 3 min

I know what some of these do already but I wanted to go ahead and put
the full list of PIX timout options in case anyone has any advice.



I'm not a PIX person - but it's HTTPS you want, not HTTP. Check your
documentation or their support pages, or start a-googling.




"Lanwench [MVP - Exchange]" wrote:

duke <duke@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
We have many employees out in the field that either use our push
services on their phones or get their email in outlook through http.
Lately our performance has been horribly slow in receipt to both.
Looking through logs i have several events dialy regarding a similar
report:

"The average of the most recent [200] heartbeat intervals used by
clients is less than or equal to [540]. Make sure that your
firewall configuration is set to work correctly with Exchange
ActiveSync and direct push technology. Specifically, make sure that
your firewall is configured so that requests to Exchange ActiveSync
do not expire before they have the opportunity to be processed.
For more information about how to configure firewall settings when
using Exchange ActiveSync, see Microsoft Knowledge Base article
905013, "Enterprise Firewall Configuration for Exchange ActiveSync
Direct Push Technology"
(http://go.microsoft.com/fwlink/?linkid=3052&kbid=905013).

Our network is set up with a single (hardware) firewall on the out
with network and SBS behind. The SBS only has one NIC so i do not
have ISA running, and the referenced article at microsoft is about
adjusting the ISA firewall. So does the warning apply?

Yes.

"We recommend that you increase the firewall time-out values for
HTTP(S) requests to the Exchange Server Microsoft-Server-ActiveSync
virtual directory to provide a richer, "always-up-to-date"
experience. The method that you use to increase the firewall
time-out values depends on which firewall product you use. Refer to
the firewall documentation for information on about how to increase
the firewall time-out values."

Do i need to
make adjustments in our cisco firewall for Push Mail?

Yes, you should. It's easy enough.



.

Relevant Pages

  • Re: activesync and exchange http
    ... SIP Media -- 2 min ... make sure that your firewall is ... configured so that requests to Exchange ActiveSync do not expire ...
    (microsoft.public.windows.server.sbs)
  • Re: Network Firewall/Routing Solution
    ... Cisco router w/ Firewall IOS, ... > not working properly at all with multiple network cards. ... > I will need to deal with inbound web and ftp requests from the ... > non-pasv connections. ...
    (comp.security.firewalls)
  • Re: IDS and SSL
    ... invalid requests not just detection. ... In English: attacks against ... The web application firewall ... Quite frankly I wouldn’t put a web server of any worth ...
    (Vuln-Dev)
  • Re: Network Firewall/Routing Solution
    ... >> firewall combo boxes that linksys sells, and I really don't want to run ... >> not working properly at all with multiple network cards. ... >> like Unicode and header information for http requests, ... >> non-pasv connections. ...
    (comp.security.firewalls)
  • [fw-wiz] secure firewall rule management program
    ... Anyone have suggestions for a good, secure webified firewall rule ... The system should allow users to submit rule requests, ... be available to approvers and implementers. ... an individual, it belongs to "accounting". ...
    (Firewall-Wizards)
Loading