Solved

RPC over https for Outlook - Single Server Implementation

Posted on 2008-10-29
7
336 Views
Last Modified: 2009-06-22
I would like to setup my external customers (on the internet) to use Outlook using RPC over https.  I would like to do the single exhange server deployment.  I no perimeter network, no ISA server, or front end proxy server.  We have one firewall.

Is it reasonable to use our Sonicwall to filter the RPC traffic from the outside to our exchange server.  Essentially, I would have to open up ports 6001, 6002, and 6004 (443 is already open)?

client --> sonicwall --> exchange server with rpc over http (configured for https, forced 128bit encryption)
0
Comment
Question by:katfpi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
7 Comments
 
LVL 15

Accepted Solution

by:
tenaj-207 earned 250 total points
ID: 22837081
The first time I did this I used this walk through;
http://www.petri.co.il/configure_rpc_over_https_on_a_single_server.htm

The only suggestion I would make is that you purchase a certificate from Network solutions, GoDaddy or somewhere else.  The self made certificates can cause more problems then what there worth.

If this is a SBS server then you can use a wizard to set this up very easily (even with a self made certificate).
http://technet.microsoft.com/en-us/library/bb123622(EXCHG.65).aspx
0
 
LVL 15

Assisted Solution

by:HayesJupe
HayesJupe earned 250 total points
ID: 22838317
you only need to open 443 to the outside world - the other ports you mention are internal use only.
0
 

Author Comment

by:katfpi
ID: 22841974
Thank you for your response.  I have a 3rd party cert in place for that server already, so it will be a pretty simple process once I feel good about the firewall aspects.

I feel like more research is needed.  The perimeter network accepts incoming traffic and re-routes it specifically and securely inside.

You don't think it's too much of a risk to take out the middle man?  I would be exposing the exchange ports to the outside world.  Having the ISA server would allow us simply to expose those ports via that server only.
0
 
LVL 15

Expert Comment

by:tenaj-207
ID: 22842648
Since the middle man is forwarding all the ports anyway then the additional risk is minimal, assuming your firewall is configured properly.
0
 
LVL 15

Expert Comment

by:tenaj-207
ID: 24651993
Thanks for all your clean up work angelIII!!!
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
In this step by step procedure, you will come to know the details of creating an Outlook meeting in 2007, 2010, 2013 & 2016.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question