• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Securing MAPI Ports to Traverse Firewall

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2007] >> Mobility >> Securing MAPI Ports to Traverse Firewall Page: [1]
Login
Message << Older Topic   Newer Topic >>
Securing MAPI Ports to Traverse Firewall - 22.Jul.2009 4:57:07 AM   
colinghart

 

Posts: 2
Joined: 22.Jul.2009
Status: offline
Morning All.

I have a need to secure the firewall that sits between CAS / MB Server and Outllok Clients. Rather than use Outlook antwhere I have been asked to lock down the MAPI port.

I have searched through the forums and googled... I see many people asking this question but no one has answered. How do I lock down Exchange 2007 to use 1 port for MAPI?

Regards

Colin.
Post #: 1
RE: Securing MAPI Ports to Traverse Firewall - 22.Jul.2009 11:09:36 AM   
de.blackman

 

Posts: 3542
Joined: 4.Apr.2005
From: Toronto, Canada
Status: offline
quote:

I have a need to secure the firewall that sits between CAS / MB Server and Outllok Clients


Why is there a firewall between the CAS\MB server and Outlook clients? Are you talking about clients connecting externally??

If so, then in reality you dont need to do anything! If you're using Outlook AnyWhere, the only port you are required to open on your external firewall is HTTPS (443) and thats all! All MAPI (RPC) traffic will be encapsulated in an HTTPS request and sent to the CAS role, hence the reason why it used to be called RPC over HTTP(s).

If I am going in a different direction, please provide detailed information on exactly what you are trying to accomplish.

_____________________________

Ibrahim Benna - Microsoft Exchange MVP
Forum Moderator
Navantis
@IbrahimBenna

(in reply to colinghart)
Post #: 2
RE: Securing MAPI Ports to Traverse Firewall - 22.Jul.2009 12:31:52 PM   
colinghart

 

Posts: 2
Joined: 22.Jul.2009
Status: offline
Applogies.. The firewall / (s) is for the client VPN. When clients connect over the VPN we need to define which ports are permitted through. For some reason i'm being told using outlook anywhere is not desirible as it means re-configuring many many clients around the world...

So in basic...

Client --> VPN Gateway -->Firewall -->Firewall --> Firewall.

little crazy i know but this is my dilemma.

Can anyone help?

(in reply to de.blackman)
Post #: 3
RE: Securing MAPI Ports to Traverse Firewall - 22.Jul.2009 1:54:01 PM   
de.blackman

 

Posts: 3542
Joined: 4.Apr.2005
From: Toronto, Canada
Status: offline
Well it seems like you want to open up the firewall so Outlook can connect through the VPN using MAPI or RPC connections?! To be honest, I would reconsider this simply because there is no way it will work with opening up one port!! You will have to open up multiple ports on your firewall that it'll make it look like swiss cheese! You will need ports open for DNS, RPC, Active Directory (that will include ports for global catalog servers and for authentication) and Exchange!

What version(s) of Outlook is the majority of your users using?

_____________________________

Ibrahim Benna - Microsoft Exchange MVP
Forum Moderator
Navantis
@IbrahimBenna

(in reply to colinghart)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2007] >> Mobility >> Securing MAPI Ports to Traverse Firewall Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter