• Status: Solved

Exchange 2007 ports

Unless I'm mistaken, I should configure firewall.cpl on the Exchange 2007 box. For local (and remote) traffic (machine is not located on a DMZ, I'm using port forwarding on a non-ISA firewall), what are the appropriate ports to open?

I followed instructions here (http://www.petri.co.il/ports_used_by_exchange.htm) but stopped, thinking that Exchange 2007 may not use those ports. Also, for client->AD->Exchange login traffic (LDAP/Kerberos), the domain controllers (local, not on a DMZ) need(?) firewall.cpl configured as well. Which ports are needed there?

I'm wary (erroneously?) of using these instructions: http://www.msexchange.org/tutorials/Securing-Exchange-2007-Edge-Transport-Servers.html since this should(?) be a simple matter of opening the appropriate tcp/ip ports, and I prefer the manual configuration via firewall.cpl.
1 Solution
Do not configure the Windows Firewall on your E2K7 server if it is within your perimeter network.  This is not done by default on your W2K3 system.  If you are concerned about securing your E2K7 server you should investigate using the Security Configuration Wizard with the new E2K7 (mode-specific) templates.  This will lock down the services and ports on your server.

However, you should do this in a lab environment first, as this can also cause you to lose connectivity if you apply additional settings to the security policy.

If you want to lock down the communication between your DCs and Exchange servers consider using IPSec with PKI certs on both your DCs and Exchange Servers.
Question has a verified solution.
