Ports to be opened for Exchange 2003 Reverse Proxy

  • Question

  • Hi

    We are using 2 Exchange 2003 BE & 2 FE servers, all placed in the internal network. Now we have a reverse proxy appliance placed in the DMZ zone. All the features like Webmail, ActiveSync and RPC over HTTPS are working fine only when we open all ports in the internal firewall from the appliance to the FE server. We configured the appliance to communicate with the FE server through port 443. We searched all over the internet and didn't find any relevant docs. We expect your help to troubleshoot the issue.

    Thanks in advance

     


    LMS
    Thursday, June 2, 2011 2:29 PM

Answers

  • Hi

    We opened the ports 80, 443, 6001, 6002 & 6004 to FE servers from BC appliance and thus resolved all issues.

    Thanks all for the help

     


    LMS
    • Marked as answer by Novak Wu Tuesday, June 7, 2011 1:54 AM
    Monday, June 6, 2011 6:40 AM
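
Added example (not part of the thread): a small Python check that compares an exported ruleset against the five TCP ports the answer above reports opening from the appliance to the FE servers. It flags allow rules that permit more than those ports, such as the original open-all rule, and lists required ports that no rule covers. The rule format, rule ids and addresses are constructed for illustration, and rule ordering and deny rules are not modelled.

```python
# Added example: names, addresses and the rule format are assumptions.
REQUIRED_TCP = {80, 443, 6001, 6002, 6004}  # ports the accepted answer reports opening

def parse_ports(spec):
    """Expand '443', '6001-6004', '80,443' or 'any' into a set of port numbers."""
    if spec.strip().lower() == "any":
        return set(range(1, 65536))
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not (1 <= lo <= hi <= 65535):
            raise ValueError(f"bad port spec: {part!r}")
        ports.update(range(lo, hi + 1))
    return ports

def audit(rules, src, dst, required=REQUIRED_TCP):
    """Return (excess, missing): excess maps rule id -> ports allowed beyond
    `required`; missing is the set of required ports no allow rule covers."""
    excess, covered = {}, set()
    for r in rules:
        if r["action"] != "allow" or r["proto"] != "tcp":
            continue
        if r["src"] != src or r["dst"] != dst:
            continue
        ports = parse_ports(r["ports"])
        covered |= ports & required
        extra = ports - required
        if extra:
            excess[r["id"]] = extra
    return excess, required - covered

# Constructed sample ruleset (not from the thread); 192.0.2.10 stands in for the
# DMZ appliance and 10.0.0.20 for a front-end server.
SAMPLE_RULES = [
    {"id": "r1", "action": "allow", "proto": "tcp", "src": "192.0.2.10", "dst": "10.0.0.20", "ports": "80,443"},
    {"id": "r2", "action": "allow", "proto": "tcp", "src": "192.0.2.10", "dst": "10.0.0.20", "ports": "6001-6004"},
    {"id": "r3", "action": "allow", "proto": "tcp", "src": "192.0.2.10", "dst": "10.0.0.20", "ports": "any"},
]

if __name__ == "__main__":
    excess, missing = audit(SAMPLE_RULES, "192.0.2.10", "10.0.0.20")
    for rid, ports in excess.items():
        print(f"{rid}: {len(ports)} TCP ports allowed beyond the required set")
    print("required ports not covered:", sorted(missing) or "none")
```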

All replies

  • Here is a good article http://www.isaserver.org/articles/2004perimeterdomain.html
    Thursday, June 2, 2011 2:41 PM
  • 443 for sure and 80 to the CAS if you plan on doing HTTP to HTTPS redirect.

    You will also need to open up ports to the DC for authentication.

      • LDAP ports: 389, 636 (TCP)
      • Global catalog ports: 3268, 3269 (TCP)
      • RPC services: 1025-5000 (TCP)
      • RPC portmapper listener: 135 (TCP)
      • Kerberos exchanges: 88 (TCP, UDP)

    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
    Thursday, June 2, 2011 2:48 PM
  • 443 and 80 to the CAS if you plan on doing HTTP to HTTPS redirect. Also you will likely need to open ports from your reverse proxy to a DC for authentication.

    Configuring Active Directory authentication
    http://technet.microsoft.com/en-us/library/dd857231.aspx

      • LDAP ports: 389, 636 (TCP)
      • Global catalog ports: 3268, 3269 (TCP)
      • RPC services: 1025-5000 (TCP)
      • RPC portmapper listener: 135 (TCP)
      • Kerberos exchanges: 88 (TCP, UDP)

    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
    Thursday, June 2, 2011 2:50 PM
  • Hi

    Thank you all for the helpful replies. Remember that we are not using ISA as the reverse proxy; we are using a Blue Coat appliance. We will open the above-mentioned ports and will update soon.

    Regards

     


    LMS
    Thursday, June 2, 2011 4:02 PM
  • How are things going? If there is any progress or question, please feel free to post it here.

     

    Thanks.

    Novak


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Monday, June 6, 2011 1:41 AM