  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5257

Exchange 2007 ports

Unless I'm mistaken, I should configure firewall.cpl on the Exchange 2007 box. For local (and remote) traffic (machine is not located on a DMZ, I'm using port forwarding on a non-ISA firewall), what are the appropriate ports to open?

I followed instructions here (http://www.petri.co.il/ports_used_by_exchange.htm) but stopped, thinking that Exchange 2007 may not use those ports. Also, for client->AD->Exchange login traffic (LDAP/Kerberos), the domain controllers (local, not on a DMZ) need(?) firewall.cpl configured as well. Which ports are needed there?

I'm wary (erroneously?) of using these instructions: http://www.msexchange.org/tutorials/Securing-Exchange-2007-Edge-Transport-Servers.html since this should(?) be a simple matter of opening the appropriate tcp/ip ports, and I prefer the manual configuration via firewall.cpl.
1 Solution
 
verum_veneratio Commented:
Do not configure the Windows Firewall on your E2K7 server if it is within your perimeter network.  This is not done by default on your W2K3 system.  If you are concerned about securing your E2K7 server you should investigate using the Security Configuration Wizard with the new E2K7 (mode-specific) templates.  This will lock down the services and ports on your server.

However, you should do this in a lab environment first as this can also cause you to lose connectivity if you apply additional settings to the security policy.

If you want to lock down the communication between your DCs and Exchange servers consider using IPSec with PKI certs on both your DCs and Exchange Servers.