Ports from OWA Server to Inside Network


  • We have a front-end Exchange 2003 server in our DMZ that users connect to for OWA. From that server to our inside network it's wide open on the firewall. We'd like to tighten this up. Does anyone know which ports I'll need to open up to the DCs and Exchange servers and anything else?



    Monday, May 17, 2010 1:01 PM


All replies

  • We're also using ActiveSync. Does that require different ports? Thanks.
    Monday, May 17, 2010 6:04 PM
  • Hi,

    Please check the article below:

    Ports Used in Exchange Server 2003
    • Marked as answer by Xiu Zhang Monday, May 31, 2010 1:44 AM
    Tuesday, May 18, 2010 8:57 AM
  • Thanks for the link.

    For some reason that list doesn't seem accurate. It says that you only need 80 and 443 from the OWA server inbound. I've found that you need the following...

    • For Exchange Communication:
      • Port 80 for HTTP
      • Port 691 for Link State Algorithm routing protocol
    • For Active Directory communication:
      • Port 389 for LDAP (TCP and UDP)
      • Port 3268 for Global Catalog Server LDAP (TCP)
      • Port 88 for Kerberos Authentication (TCP and UDP)

    It also says that you don't need anything open inbound for ActiveSync. How can that be possible? Doesn't it need to communicate with the Exchange Mailboxes?




    Tuesday, May 18, 2010 4:55 PM
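
Added example, not part of the thread: before replacing the wide-open rule, the port list in the reply above can be checked against what the front end actually sends inside. The addresses, the flow-summary format and the sample rows are constructed, and TCP for ports 80 and 691 is an assumption because the reply names no protocol for them.

```python
import csv
import io

FRONT_END = "192.0.2.10"  # constructed address of the DMZ OWA front end
ROLES = {"198.51.100.5": "dc", "198.51.100.20": "exchange"}  # constructed inside hosts

# Ports from the reply above, grouped by destination role.
# TCP for 80 and 691 is an assumption; the reply names no protocol for them.
ALLOWED = {
    "exchange": {("tcp", 80), ("tcp", 691)},
    "dc": {("tcp", 389), ("udp", 389), ("tcp", 3268), ("tcp", 88), ("udp", 88)},
}

# Constructed flow summary from a firewall log: src,dst,proto,dport,hits
SAMPLE_FLOWS = """\
192.0.2.10,198.51.100.20,tcp,80,5120
192.0.2.10,198.51.100.20,tcp,691,44
192.0.2.10,198.51.100.5,tcp,389,910
192.0.2.10,198.51.100.5,udp,389,37
192.0.2.10,198.51.100.5,tcp,88,260
192.0.2.10,198.51.100.5,tcp,135,18
192.0.2.10,198.51.100.5,udp,53,402
192.0.2.10,198.51.100.77,tcp,445,3
192.0.2.99,198.51.100.5,tcp,389,12
"""

def audit(flow_csv, front_end=FRONT_END):
    """Return (uncovered, unused): flows the list would block, listed ports never seen."""
    seen, uncovered = set(), []
    for src, dst, proto, dport, hits in csv.reader(io.StringIO(flow_csv)):
        if src != front_end:
            continue                  # only traffic that originates at the front end
        role = ROLES.get(dst)         # None: destination is neither a DC nor Exchange
        key = (proto.lower(), int(dport))
        if role and key in ALLOWED[role]:
            seen.add((role, *key))
        else:
            uncovered.append((dst, role or "unknown", *key, int(hits)))
    listed = {(role, *k) for role, ports in ALLOWED.items() for k in ports}
    return uncovered, sorted(listed - seen)

if __name__ == "__main__":
    uncovered, unused = audit(SAMPLE_FLOWS)
    for dst, role, proto, port, hits in uncovered:
        print(f"would be blocked: {FRONT_END} -> {dst} ({role}) {proto}/{port} hits={hits}")
    for role, proto, port in unused:
        print(f"listed but not observed: {role} {proto}/{port}")
```

Each "would be blocked" line is a flow to investigate before the rule change, and each "listed but not observed" line is a candidate for leaving closed.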
  • Hi.

    ActiveSync is also using a virtual directory from the IIS server.



    Thursday, May 20, 2010 6:43 AM
  • OK. Thanks.
    Thursday, May 20, 2010 8:31 PM