Solved

Ports that Outlook 2003 use to communicate

Posted on 2007-03-28
4
888 Views
Last Modified: 2010-08-05
Hi there

We would like to segregate a section of our LAN. We would like to configure a Firewall to only allow access to certain ports on our Exchange 2003 so that users in this segment are able to connect with their outlook and use its full functionality.

My question is what ports are necessary for outlook to be able to function correctly??

I have found the following articles, but they are more related to what ports Exchange 2000 / 2003 use :

http://www.petri.co.il/ports_used_by_exchange.htm
http://support.microsoft.com/?kbid=278339

Any help would be appreciated.

Jafar54
0
Comment
Question by:jafar54
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 5

Expert Comment

by:suggestionstick
ID: 18808625
Hi


outlook 2003 used Mapi to comminicate with exchange server, the ports used when outlook connects to an exchange server are RPC assigned ports. You could use rpc over http to tunnel through the firewall , also cisco pix 7.0 has an inspect command for passing RPC.
(I have read recently that it is possible to tie down RPC assigned ports for certain services )

Why do you want to place a firewall between your outlook clients and exchange? Depending on answer, it might be better to use a frontend exchange -> firewall -> backend exchange server -> outlook client solution?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18809543
As hinted above, if you want to lock things down then use RPC over HTTPS. Then you are looking at a single port - 443. Just make sure everything resolves correctly.

Although I am not a fan of internal firewalls blocking access to Exchange. In those scenarios I prefer Exchange and a domain controller to be placed somewhere where everyone has full access (like a DMZ, but with all ports open).

Simon.
0
 
LVL 1

Author Comment

by:jafar54
ID: 18814052
ok i get that reasoning to use RPC over HTTPS...... but say you didn't wanna go that way. Say you are using a unintelligent dumb firewall where you need to specify all the ports required..... ie. the FW is not application aware or anything.

Now you have clients that are using Outlook 2003 with cache mode enabled.... .your Exchange server is setup normally, no fancy config, straight out the box. You also have a stock standard front end server provisioning OWA and OMA.

What ports would you need to open? Or is the message that the easiest and simplest way to do is to use the single port approach with RCP over HTTPS?

Jafar54
0
 
LVL 5

Accepted Solution

by:
suggestionstick earned 500 total points
ID: 18831507
Hi


When the port ares assigned by RPC, they are assigned in a dynamic fashion each time you restart the service, one time they could be 12345 etc and then on the next restart 54311 etc.   If you are using a dumb firewall the the best solution is to use RPC over HTTPS.

As I mentioned in a previous post, you can stop the dynamic nature of RPC (Still really advise using RPC over HTTPS).

http://www.kbalertz.com/Feedback.aspx?kbNumber=833799

http://www.kbalertz.com/Feedback.aspx?kbNumber=270836

Trev.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You need to know the location of the Office templates folder, so that when you create new templates, they are saved to that location, and thus are available for selection when creating new documents.  The steps to find the Templates folder path are …
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question