locked
Exchange 2010 ports to be opened in Firewall for Outlook 2016 connectivity RRS feed

  • Question

  • Hi

    We are looking for ports to be opened for Outlook (2016) connectivity to Exchange 2010 CAS (as well MB). As of now we opened RPC ports (135) and dynamic range 49152-65535. For outlook anywhere 443 is opened from Outside to reverse proxy and from reverse proxy to CAS opened RPC dynamic ports. Also it will be good if we get an article to restrict the ports on CAS / MB servers

    Thanks in advance


    LMS

    Monday, May 1, 2017 5:56 AM

All replies

  • Internally or externally?  Internally, virtually all of them.  You might as well open all of them.  Externally, just TCP 443.  Have you defined different names for the CAS array and the HTTPS services?  That might fix any issues you might be having.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!


    Monday, May 1, 2017 6:58 AM
  • Thank You, so how can we restrict the ports on CAS server instead of opening all Dynamic range

    LMS

    Monday, May 1, 2017 7:47 AM
  • This is how you can lock down MAPI to a single port but I don't recommend it.  You shouldn't have a firewall between internal clients and Exchange.  External clients should be using Outlook Anywhere exclusively.

    https://social.technet.microsoft.com/wiki/contents/articles/864.configure-static-rpc-ports-on-an-exchange-2010-client-access-server.aspx

    You could upgrade to Exchange 2016 (or 2013), which only supports Outlook Anywhere or MAPI over HTTPS, requiring only TCP 443.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!



    Monday, May 1, 2017 7:30 PM
  • Hi LMS,

    Just checking in to see if above information was helpful. Please let us know if you would like further assistance. If the issue has been resolved, please mark the helpful replies as answers, this will make answer searching in the forum easier and be beneficial to other community members as well.

    Thanks for your understanding,

    Regards,


    Niko Cheng
    TechNet Community Support


    Please remember to mark the replies as answers.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, May 25, 2017 10:16 AM
    Moderator