OWA Externally not working

I currently have OWA configured to be working internally in the network when people go to //servername/exchange.   However, I need this to be working externally as well.  I have ports 443 and 25 open on the router, and my A record and MX record on my hosting is pointing to the e-mail server.  Am I missing something?  I am behind a FortiGate FortiNet router (Fortigate-100A 3.00,build0474,061228).   Everything seems to be in place but I cant understand for the life of me why this is not working.  We are not and will not be using an ISA server.
sbalawajderAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Pete LongTechnical ConsultantCommented:
Hello sbalawajder,

You have port forwarding on - but have you allowed TCP pot 443 inbound and outbound on the firewall ;)

Regards,

PeteLong
0
redseatechnologiesCommented:
Do you have SSL enabled on the server?

If not, you will need to open port 80 (or install a certificate)

http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html
http://www.msexchange.org/tutorials/MF004.html

Try it internally, https://servername/exchange

-red
0
sbalawajderAuthor Commented:
Yes, the SSL certificate is installed and port 80 is open as well.  Let me show you what my firewall settings are (directly from the router)

 Name       IP       Service Port       Map to IP/IP Range       Map to Port       
Exchange1 SSL Connection       wan1/64.19.148.85       443/tcp       10.0.0.53       443/tcp       ]
Exhcange1 RDP       wan1/64.19.148.82       3391/tcp       10.0.0.53       3389/tcp         [Edit]
OWA       wan1/64.19.148.85       25/tcp       10.0.0.53       25/tcp       [Delete]   [Edit]
OWA SSL       wan1/64.19.148.82       443/tcp       10.0.0.53       443/tcp       [Delete]   [Edit]
Server POP3       wan1/64.19.148.82       110/tcp       10.0.0.4       110/tcp         [Edit]
Server RDP       wan1/64.19.148.82       3390/tcp       10.0.0.4       3389/tcp         [Edit]
Server SMTP       wan1/64.19.148.82       25/tcp       10.0.0.4       25/tcp         [Edit]
Solomon HTTP       wan1/64.19.148.82       80/tcp       10.0.0.3       80/tcp         [Edit]
Solomon RDP       wan1/64.19.148.82       3389/tcp       10.0.0.3       3389/tcp         [Edit]
http://mail.888digital.com/       wan1/64.19.148.85       80/tcp       10.0.0.53       80/tcp       [Delete]   [Edit]
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

sbalawajderAuthor Commented:
if you are wondering why theres 2 addresses doing the same thing, .82 was supposed to be the one to do it, but since we figured everything else is pretty much going on that, we decided to move it to our .85...........anyways, we have A records pointing to both addresses so it should resolve no matter what, right?
0
redseatechnologiesCommented:
mail.888digital.com translates to 82

and is not answering on port 80 or 443

something on 85 is answering on 80, but it is not an exchange server (although it has IIS)

internally, if you go to https://10.0.0.53/exchange what do you get?
0
sbalawajderAuthor Commented:
redseattechnologies:

if i go internally to https://10.0.0.53/exchange, I get OWA
0
redseatechnologiesCommented:
rats, that means that exchange is configured right and not listening on a dud IP.

it is simply timing out from here, which means that your firewall is obviously the culprit.  Do you have anything in the logs of the firewall?
0
sbalawajderAuthor Commented:
Nothing in the logs shows whats going on.....
0
redseatechnologiesCommented:
Do you actually see the connection though?

allow or deny, just wondering if it shows.

Alternatively, can you try moving it all to .82 for a test (as that appears to be working for 1 server)
0
sbalawajderAuthor Commented:
I already have the connections in place for .82 and .85............shouldnt it find one or the other?  I try going to https://owa.888digital.com/exchange and https://mail.888digital.com/exchange and I get the timeout.  This is getting rather frustrating!  I called the FortiNet people, and all they can tell me is "I dont know" which I thought was against the first law of tech support!
0
redseatechnologiesCommented:
ahhh yes, i can see that 443 goes to both already.

Try doing the same with port 80 - to rule out Pete's idea that there is some other kind of rule there
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
sbalawajderAuthor Commented:
80 is open on both as well....
0
redseatechnologiesCommented:
as of now?  because the list above doesn't show that
0
sbalawajderAuthor Commented:
OK, I have solved the problem!  It appears with this router after you add a virtual IP (for port forwarding), you need to apply it into a policy before the changes would take effect.  I will assign the points to redseat though, as he was correct in that I did not have port 80 open.  Thanks for the help guys.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.