• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 411
  • Last Modified:

What ports need to be open at the remote site to access OWA?

I know that port 80 needs to be open on my local firewall, but what ports need to be open on a remote site firewall for someone to be able to access OWA from there?

I was always under the impression that as long as the remote site had web access (and of course my firewall allowed it), then anyone at that remote site should be able to access OWA remotely.
0
piersk
Asked:
piersk
  • 4
  • 3
1 Solution
 
bwinzenzCommented:
You are correct.  As long as the remote site can access the Internet (all http traffic uses port 80), then as long as your firewall has port 80 inbound open to the OWA server, they should be able to access it.  There really isn't much more to it than that.  If you think about it, OWA is just another website.

If you want to secure OWA, you would want to use SSL (https) and obtain a certificate from an online certificate authority (such as Thawte).

Ben
0
 
pierskAuthor Commented:
Apparently (having spoken to the support team at the remote location) there are other ports that need to be opened.

I probably should have explained myself a bit better. My colleague can access the site. He can log in and gets the icons on the left and the top, but nothing in the central, main part of the screen. I need to know the ports that need to be unblocked for this to work.
0
 
bwinzenzCommented:
After looking at this again, it appears that the remote client will use a high port locally (1024+) and it connects to port 80 of the OWA server.  However, the outbound connection on the client should occur over port 80.  The local port that the client uses should not matter one bit.

Have you tested logging on to OWA locally on your LAN?  Does that produce different results?  Have you installed URLScan or the IIS Lockdown Tool on the OWA server?  Both of those are known to cause problems with OWA unless they have been specifically tuned for Exchange/OWA.

Ben
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell┬« is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
pierskAuthor Commented:
I havent installed URLScan or IIS Lockdown.

My colleague can access OWA when on dial up from the same workstation, just not when he is on the network (please bear in mind that he is doing some consultancy for another company and is at their offices), so I am trying to fix his for THEIR network guys. I know for a fact that its something to do with their firewall, but they have no idea what port needs to be unblocked, so I am doing the work for them...

I'm not bitter ;-)
0
 
bwinzenzCommented:
Tell ya what.  I'm gonna set up my laptop in our DMZ (to simulate being on the Internet coming in), and I'll run a packet sniffer showing me all traffic from my laptop to my OWA server.  I'll post back the results in a few.  I honestly don't think it is a port issue.  It could be something *else* causing the problem, but it shouldn't be a port issue.

Ben
0
 
bwinzenzCommented:
OK - I just tested this.  Every single packet that was sent from my laptop to my OWA server was sent out on either port 80 or 443 (I have SSL set up).  There were no other ports involved.

I'd suggest that you test this as well.  The tool that I use is called NetworkActivSniffer.  It was a free download.  Do a Google search for it and I'm sure that you will find it.  I agree with you here that something is funky with their end of things, but it is not the ports.  Do they perhaps have some other type of device between your colleague's computer and the Internet?  Have him run a tracert to your OWA server and find all the hops that are on their network.  Make sure there isn't some sort of QoS device that could be blocking the content (Packetshaper, Sitara, etc.).  Is there a Proxy server on their end?

Ben
0
 
pierskAuthor Commented:
Not abandoned, just forgotten (sorry).

Spoke to the IT people their end (having seen bwinzenz's answer) and they have their network set up so that it would allow use of OWA 2k3, but I don't think they really had much of a clue since they didn't know how to change it to allow access for OWA2000. Such is life
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now