best practice Exchange network security
-
May 21, 2012 19:32
Friends, I have this hosted setup running fine, but now I want to make it more secure by only allowing the traffic from inside the LAN which is required for Exchange and updates to go out; everything else should be dropped. But I am not very sure which ports are used by Exchange to make connections to the outer world for OWA / mail clients like Outlook and others, or maybe some network/authentication, and then Windows updates. So is it possible, or has someone done this, to configure the same on a router?
Thanks
Happiness Always
Jatin
- Edited by 'Jatin' May 21, 2012 19:36
All replies
-
May 21, 2012 23:46
Exchange only makes outbound connections on TCP 25, for sending SMTP, HTTP/S for checking certificate CRLs, downloading updates, that sort of thing, and DNS, though the DNS server is doing that. Are you wanting to block all other outbound traffic? Outlook/OWA etc. are making inbound connections to Exchange, so not sure what you are getting at there.
Also look at http://technet.microsoft.com/en-us/library/bb331973.aspx as that lists all the ports/protocols Exchange uses.
-
May 22, 2012 02:48
Yes Greg, I want to block all unwanted traffic from my LAN, which is connected to the WAN on the public interface. So I want to know which ports Microsoft Exchange uses, or the OS uses for communication, or maybe updates. I also have TMG in the setup.
Thanks
Happiness Always
Jatin
- Edited by 'Jatin' May 22, 2012 02:48
-
May 22, 2012 02:56
Why are you concerned about what goes OUT? (Apart from SMTP delivery that is) Is all outbound traffic via TMG? You want to stop people like you on your internal network from getting out to the Internet?
The article I linked to earlier lists all the ports Exchange uses.
-
May 22, 2012 03:09
Perfect about the article, thanks. The reason I want to do this is that I want to block any kind of unwanted traffic, for example some machine infected with a virus/worm/trojan sending huge traffic on the WAN link and choking my bandwidth. This way I can allow only the traffic which is required by Exchange.
Can you please advise about OS or TMG updates if you have an idea?
One more thing, please don't mind, Greg: can you please check this, as my DAG is stopped:
http://social.technet.microsoft.com/Forums/en-US/exchange2010hosters/thread/9e1e4713-ca02-4ab3-95cb-67cdbea6f4db
please advise
Thanks
Happiness Always
Jatin
- Edited by 'Jatin' May 22, 2012 03:09
-
May 24, 2012 22:02
Sorry for the slow reply.
Not sure what to suggest really, you could simply set up TMG to be the route out for all traffic, and configure TMG to restrict the IP addresses you want to allow access to. More of a network security question than Exchange I'd say. Sorry I can't help much more.
p.s. hope you got your servers sorted out.
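
The following is an added example, not part of the thread or any poster's own code: a default-deny egress check that applies the outbound allow-list described above (SMTP on TCP 25 and HTTP/S from Exchange, DNS from the DNS server) to firewall flow records and counts denied flows per internal host. The IP addresses, the log line format and the function names are assumptions constructed for illustration.

```python
from collections import Counter
from ipaddress import ip_address

# Constructed addresses: assumptions for this example, not from the thread.
EXCHANGE = ip_address("10.0.0.10")
DNS_SERVER = ip_address("10.0.0.5")

# Default-deny egress allow-list: (source host, protocol, destination port).
ALLOW = {
    (EXCHANGE, "tcp", 25),    # outbound SMTP delivery
    (EXCHANGE, "tcp", 80),    # CRL checks, updates over HTTP
    (EXCHANGE, "tcp", 443),   # updates over HTTPS
    (DNS_SERVER, "udp", 53),  # DNS lookups come from the DNS server only
}

# Constructed sample log, one flow per line: "src proto dst:port".
SAMPLE_LOG = """\
10.0.0.10 tcp 203.0.113.7:25
10.0.0.10 tcp 198.51.100.20:443
10.0.0.5 udp 192.0.2.53:53
10.0.0.23 tcp 203.0.113.9:25
10.0.0.23 udp 192.0.2.53:53
10.0.0.10 tcp 198.51.100.99:6667
not a flow line
"""

def parse_flow(line):
    """Return (src, proto, dport), or None if the line is malformed."""
    try:
        src, proto, dst = line.split()   # wrong field count raises ValueError
        host, _, port = dst.rpartition(":")
        ip_address(host)                 # validate the destination address
        return ip_address(src), proto.lower(), int(port)
    except ValueError:
        return None

def evaluate(log_text):
    """Return (allowed count, Counter of denied flows per source, malformed count)."""
    allowed, denied, malformed = 0, Counter(), 0
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            malformed += 1
        elif flow in ALLOW:
            allowed += 1
        else:
            denied[str(flow[0])] += 1    # anything not listed is dropped
    return allowed, denied, malformed

if __name__ == "__main__":
    print(evaluate(SAMPLE_LOG))
```

In the sample, the workstation 10.0.0.23 is denied both direct SMTP and direct DNS, which is the kind of host the per-source counter is meant to surface.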