Solved

RPC over https for Outlook - Single Server Implementation

Posted on 2008-10-29
7
331 Views
Last Modified: 2009-06-22
I would like to setup my external customers (on the internet) to use Outlook using RPC over https.  I would like to do the single exhange server deployment.  I no perimeter network, no ISA server, or front end proxy server.  We have one firewall.

Is it reasonable to use our Sonicwall to filter the RPC traffic from the outside to our exchange server.  Essentially, I would have to open up ports 6001, 6002, and 6004 (443 is already open)?

client --> sonicwall --> exchange server with rpc over http (configured for https, forced 128bit encryption)
0
Comment
Question by:katfpi
  • 3
7 Comments
 
LVL 15

Accepted Solution

by:
tenaj-207 earned 250 total points
ID: 22837081
The first time I did this I used this walk through;
http://www.petri.co.il/configure_rpc_over_https_on_a_single_server.htm

The only suggestion I would make is that you purchase a certificate from Network solutions, GoDaddy or somewhere else.  The self made certificates can cause more problems then what there worth.

If this is a SBS server then you can use a wizard to set this up very easily (even with a self made certificate).
http://technet.microsoft.com/en-us/library/bb123622(EXCHG.65).aspx
0
 
LVL 15

Assisted Solution

by:HayesJupe
HayesJupe earned 250 total points
ID: 22838317
you only need to open 443 to the outside world - the other ports you mention are internal use only.
0
 

Author Comment

by:katfpi
ID: 22841974
Thank you for your response.  I have a 3rd party cert in place for that server already, so it will be a pretty simple process once I feel good about the firewall aspects.

I feel like more research is needed.  The perimeter network accepts incoming traffic and re-routes it specifically and securely inside.

You don't think it's too much of a risk to take out the middle man?  I would be exposing the exchange ports to the outside world.  Having the ISA server would allow us simply to expose those ports via that server only.
0
 
LVL 15

Expert Comment

by:tenaj-207
ID: 22842648
Since the middle man is forwarding all the ports anyway then the additional risk is minimal, assuming your firewall is configured properly.
0
 
LVL 15

Expert Comment

by:tenaj-207
ID: 24651993
Thanks for all your clean up work angelIII!!!
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Outlook Free & Paid Tools
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now