mkurtzhals
asked on
Users cannot connect to Outlook when Windows Firewall is enabled on the Exchange server
Users cannot connect to Outlook when Windows Firewall is enabled on the Exchange server. Any ideas how I can set this up so they both work without being at a security risk? Or should I set up a different firewall for the network?
I agree with redseatechnologies! You shouldn't have the Windows Firewall on the Exchange server. You should have a hardware firewall or a box running a dedicated software firewall at your gateway to the internet! My preference is a Cisco PIX, but there are many other firewalls for all budgets, large and small.
Turn off the firewall, but if you feel like keeping it on, then manually add these ports under the Exceptions tab in the Windows Firewall settings.
Port Process Description
20 FTP File Transfer Protocol - Data
21 FTP File Transfer Protocol - Control
25 SMTP Simple Mail Transfer Protocol
53 DNS Domain Name System
69 TFTP Trivial File Transfer Protocol
80 HTTP Hypertext Transfer Protocol
110 POP3 Post Office Protocol
443 HTTPS Hypertext Transfer Protocol - Secure
445 File Sharing
If you do that, Juan, Outlook will still not connect.
You have left out the RPC ports!
Is it possible that the users are not getting an IP address via DHCP? If so, just enable the DHCP client settings so that the users are provided the IP address. I would also concur and say that the hardware method is the best for firewalls. You can use PIXs and VPNs to secure your network to best suit your needs. Cisco is the most used and expensive, however.
GL/
I would not put a firewall on the Exchange server; have a hardware appliance. However, if you want to stick with it, look into enabling RPC over HTTP proxy. This would work if it is Exchange 2003.
You can also create a Windows Firewall rule to allow all IP traffic from your LAN's network range (i.e. 192.168.10.1-155). But, yes, you really should install a firewall at the gateway.
Besides the mainly static ports listed above, you should also open the dynamic ports used for the connection between Exchange and Outlook in the firewall (TCP 1024 - 5000).
SMTP (Simple Mail Transfer Protocol)
This is a protocol for sending e-mail messages between servers. Most e-mail systems that send mail over the Internet use SMTP to send messages from one server to another; the messages can then be retrieved with an e-mail client using either POP or IMAP. In addition, SMTP is generally used to send messages from a mail client to a mail server. This is why you need to specify both the POP or IMAP server and the SMTP server when you configure your e-mail application. (Allow outbound TCP local ports 1024-5000 remote port 25)
More Information
Exchange Server static port mappings
http://ask.support.microsoft.com/kb/270836/en-us
*** Even fixed it in registry
How to configure RPC dynamic port allocation to work with firewalls
http://ask.support.microsoft.com/kb/154596/en-us
Hi,
I agree that you should disable the Windows Firewall and protect yourself at gateway level with a hardware firewall. I take it that you have already turned off the firewall to check that it is the problem.
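A scoped alternative to opening TCP 1024 - 5000 to every source, as an added example that is not part of any post in this thread: it allows the RPC endpoint mapper and the RPC-assigned dynamic ports only from the LAN range mentioned above, then checks that no rule was left open to any address. It assumes Windows Server 2012 or later (the NetSecurity PowerShell module) and a domain-joined server; the rule and group names are hypothetical.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
# Assumes Windows Server 2012 or later, where NetSecurity provides New-NetFirewallRule.
$LanRange = '192.168.10.1-192.168.10.155'      # LAN range quoted in the thread; adjust to yours
$Group    = 'Exchange client access (example)' # hypothetical group name used to track these rules

# 'RPCEPMap' = RPC endpoint mapper (TCP 135); 'RPC' = whatever ports the RPC
# runtime assigns dynamically, so no fixed 1024-5000 range has to be opened.
$Rules = @(
    @{ DisplayName = 'Exchange RPC endpoint mapper (LAN only)'; LocalPort = 'RPCEPMap' }
    @{ DisplayName = 'Exchange RPC dynamic ports (LAN only)';   LocalPort = 'RPC' }
)

# Remove earlier copies so the script can be re-run without piling up duplicates.
Get-NetFirewallRule -Group $Group -ErrorAction SilentlyContinue | Remove-NetFirewallRule

foreach ($Rule in $Rules) {
    New-NetFirewallRule @Rule -Group $Group -Direction Inbound -Protocol TCP `
        -RemoteAddress $LanRange -Profile Domain -Action Allow | Out-Null
}

# Verification: fail loudly if any rule in the group accepts traffic from any source.
$Unscoped = Get-NetFirewallRule -Group $Group | Where-Object {
    ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any'
}
if ($Unscoped) {
    throw "Unscoped rule(s): $($Unscoped.DisplayName -join ', ')"
}

# Show what was created: name, local port keyword, and allowed source range.
Get-NetFirewallRule -Group $Group | ForEach-Object {
    [pscustomobject]@{
        Rule          = $_.DisplayName
        LocalPort     = ($_ | Get-NetFirewallPortFilter).LocalPort
        RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
    }
}
```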