Firewall/Port setup for outlook anywhere/active sync from WAN


  • We have Exchange 2007 and I am wanting to start using Outlook Anywhere and Exchange Active Sync from the WAN.  I want to use SSL on both but I cannot find anywhere to change the port for this?  Are you forced to use 443 for both services?  The exchange server is behind a firewall that has webservers listening on 443 already....what is the usual course of action to allow this....?  Is pretty much everyone just putting their mail server on another network with separate firewall? 

    Thanks in advance.
    Thursday, April 01, 2010 5:35 PM


All replies

  • not sure what kind of fw you use. If you have multiple Public IP addresses, it's easy to setup.
    Thursday, April 01, 2010 5:46 PM
  • Problem is the firewall is behind a WAN aggregation device that takes 4 WAN IPs and then and forwards them onto the firewall.  Is there a way to do it in this scenario?
    Thursday, April 01, 2010 9:06 PM
  • So the WAN aggregator forwards traffic from all 4 IP's to the same firewall?

    Is there anyway from the firewall to distinguish which source IP the traffic came in on?

    If so, you should be able to setup a static NAT to the interal IP for the exchange server if this facility exists on the firewall?

    It all depends on your hardware.



    Thursday, April 01, 2010 10:01 PM
    • Marked as answer by Allen Song Friday, April 09, 2010 9:48 AM
    Wednesday, April 07, 2010 9:32 AM
  • We don't have ISA, we have a fortinet firewall. Can you help?

    Gary Nickerson, gary@gwntec.com


    Gary W. Nickerson
    Tuesday, December 27, 2011 8:55 PM
  • Hi GWN1943,

    I know this is a late reply, but I can help with the Fortinet.

    Wednesday, September 26, 2012 1:07 PM
  • Dear Tiago Pinto-Coelho,

    we have fortinet firewall,also we have exchange server behind firewall,can we enable access to exchange server (mailboxes) from internet (smartphone device) not directly ,in other word,we need to restrict some user to access to his mail box from internet (we need intermediate software that can restrict user who can access to his mail box on this intermediate software).

    previously,we used Blackberry enterprise server to specified specific user to access to his exchange mailbox from blackberry smartphone,we need something like BES


    Monday, June 17, 2013 10:05 AM