Need to know the ports that need to be opened on the firewall between the Front End OWA and the Back End Exchange 2003 (internal LAN)

  • Question

  • Hi,

    We are running an Exchange 2003 server with an OWA front end and a back end that runs the mailbox server.

    We are trying to identify the ports that need to be open between the front end (OWA), which is on the DMZ, and the back-end mailbox server (protected LAN) for the users to be able to access their mail.

    The current rule is ANY and we need to narrow this down to the ports that are needed.

    Thank you.   

    Tuesday, March 22, 2011 2:18 PM


All replies

  • On the intranet firewall (which connects the DMZ and the internal network) we have opened the following ports:

    For Exchange communication:
    Port 80 for HTTP
    Port 691 for Link State Algorithm routing protocol

    For Active Directory communication:
    Port 389 for LDAP (TCP and UDP)
    Port 3268 for Global Catalog Server LDAP (TCP)
    Port 88 for Kerberos Authentication (TCP and UDP)
    DNS 137 UDP 53 TCP,UDP

    These ports seem to be fine and OWA works fine. I have found an article that specifies the following ports:

    OWA box: 53 TCP,UDP; 88 TCP, UDP; 123 TCP; 135 TCP; 389 TCP, UDP; 445 TCP; 3268 TCP; 137 UDP; 138 UDP; and 139 TCP.

    I have not included the following ports on my firewall, but I was wondering if they need to be opened: 123 TCP; 135 TCP; 445 TCP; 138 UDP; and 139 TCP.
    Tuesday, March 22, 2011 3:00 PM
  • You can follow the guidance here, it has all the ports you need to open.

    Implementing Outlook Web Access with Exchange Server 2003


    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
    • Marked as answer by Novak Wu Friday, April 1, 2011 8:17 AM
    Tuesday, March 22, 2011 4:40 PM

  • James’s link mentions all the needed ports when using OWA in Exchange 2003 server. Regarding port 135 TCP, you should enable it to connect to the DC and GC you want by editing the server properties in Exchange System Manager.


    Regarding the other ports, you need not enable them if there is no other application on the server which requires them.



    Novak Wu


    Wednesday, March 23, 2011 7:58 AM
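
One way to check the port lists quoted in this thread against real traffic before replacing the ANY rule, as an added example that is not part of the original thread: it buckets flows initiated by the front end by which list their destination port appears in. The log layout, the addresses and the names `classify`, `SAMPLE` and `FRONTEND` are assumptions made for the illustration, and the sample lines are constructed.

```python
import re
from collections import Counter

# (protocol, port) pairs the poster reports having opened on the intranet firewall.
OPENED = {("tcp", 80), ("tcp", 691), ("tcp", 389), ("udp", 389), ("tcp", 3268),
          ("tcp", 88), ("udp", 88), ("tcp", 53), ("udp", 53), ("udp", 137)}
# Pairs from the article the poster cites that were not opened.
LISTED_NOT_OPENED = {("tcp", 123), ("tcp", 135), ("tcp", 445),
                     ("udp", 138), ("tcp", 139)}

# Assumed key=value log layout; adapt the pattern to the firewall's real export.
LINE = re.compile(r"\bsrc=(\S+) dst=(\S+) proto=(tcp|udp) dport=(\d+)\b")

def classify(lines, frontend):
    """Count front-end-initiated flows per (dst, proto, port), by port list."""
    buckets = {n: Counter() for n in ("opened", "listed_not_opened", "unlisted")}
    for line in lines:
        m = LINE.search(line)
        if not m or m.group(1) != frontend:
            continue  # unparsable line, or not initiated by the front end
        flow = (m.group(3), int(m.group(4)))
        if flow in OPENED:
            name = "opened"
        elif flow in LISTED_NOT_OPENED:
            name = "listed_not_opened"
        else:
            name = "unlisted"  # would be dropped by a rule built from either list
        buckets[name][(m.group(2),) + flow] += 1
    return buckets

FRONTEND = "192.0.2.10"  # constructed DMZ address of the OWA front end
SAMPLE = [  # constructed log lines
    "src=192.0.2.10 dst=10.0.0.20 proto=tcp dport=80 action=allow",
    "src=192.0.2.10 dst=10.0.0.20 proto=tcp dport=80 action=allow",
    "src=192.0.2.10 dst=10.0.0.5 proto=udp dport=53 action=allow",
    "src=192.0.2.10 dst=10.0.0.5 proto=tcp dport=135 action=allow",
    "src=192.0.2.10 dst=10.0.0.5 proto=tcp dport=1026 action=allow",
    "src=10.0.0.20 dst=192.0.2.10 proto=tcp dport=80 action=allow",
    "truncated or unrelated line",
]

if __name__ == "__main__":
    for name, flows in classify(SAMPLE, FRONTEND).items():
        for (dst, proto, port), n in sorted(flows.items()):
            print(f"{name:18} {dst:12} {proto}/{port:<5} x{n}")
```

Flows reported as `unlisted` are the ones to explain before the narrowed rule goes live, since neither list in the thread covers them.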