What Firewall Ports Between 3 DAG Members Exchange 2016 Two in Main site and Another in DR site ?

  • Question

  • Hi,

    Our security team needs a list of firewall ports to identify on the network firewall between 3 "DAG member" Exchange 2016 servers: two servers in the main datacenter and one in the DR datacenter. They are not confident making an Any Any firewall policy between the servers.

    Could you provide me the firewall ports that should be configured between the servers in the main site and  ?

    I know the Any Any option is recommended, but is it also recommended in a two-site scenario? If yes, is there an official recommendation from Microsoft regarding that?


    Sunday, May 19, 2019 5:18 PM


  • Hi,

    As per my experience, yes, ANY/ANY is still a recommended option in a cross-site scenario.

    If you can, the best thing you can do is create an "Exchange Servers" resource group and a "Domain Controllers" (which includes GCs) resource group in your firewall central management software. Once the groups are created, push out a rule so those resource groups can ANY/ANY each other. For more details, please refer to Brian's answer in the blog.

    Exchange, Firewalls, and Support… Oh, my!


    Dawn Zhou


    Monday, May 20, 2019 5:21 AM