Solved

How do i configure a firewall to allow mobile access to microsoft exchange 2007

Posted on 2008-10-30
11
269 Views
Last Modified: 2012-05-05
hi all

i am currently looking into allowing mobile device access to our exchange 2007 server for email access.
i plan on using our own certificates on the server and devices - if i figure out how to implement correctly- to allow for ssl connection. But how do i configure our firewall to pass the traffic to the exchange server?

I already forward smtp traffic on the firewall to an email spam /virus  filter server which relays to the exchange server -- so could i have issues trying to bypass this server for mobile devices?
0
Comment
Question by:meteorelec
  • 6
  • 3
  • 2
11 Comments
 
LVL 2

Expert Comment

by:nytechnoguru
ID: 22842414
Exchange mobile should communicate over the same SSL port (443) that OWA uses. Exchange mobile will not function correctly until you have certificates in place. You will probably save yourself a ton of time, effort, and headaches by purchasing a SSL cert from Verisign, etc. rather than implementing your own CA.
0
 

Expert Comment

by:rnekola
ID: 22842508
Would definatly agree with purchasing the SSL cert.  Implemented my own and had issues.  In setting my SSL up I also had to open ports 6001 (Information Store), 6002 (Directory referral) and 6004 (DSProxy) on my firewall.

0
 
LVL 2

Author Comment

by:meteorelec
ID: 22842661
are they expensive from 3rd parties? i am just afraid of purchasing them then not being able to set it up correctly as i have never done so before!
0
 
LVL 2

Expert Comment

by:nytechnoguru
ID: 22842845
It all depends on how the Exchange organization is setup. If there is an edge server involved then communication between edge and internal Exchange store needs to be established, but from the edge outwards ports 80 and 443 should be all that is needed.

Make sure to look for an Exchange compatible SSL cert so that is can secure the internal domain name as well as the external name if you are not using an edge server. They can be somewhat expensive, but it depends on who and what level of service you're expecting. GoDaddy has inexpensive ones if you need to play around, but Verisign has very expensive ones - not good to try out with. Although there is often a chance to redo the cert if there is a problem. Sometimes it's at little or no fee but only within a specified amount of time.
0
 
LVL 2

Author Comment

by:meteorelec
ID: 22842916
hi am not using an edge server, i use gfi mail security in front of exchange but its not in DMZ

my setup is as follows:


Router  - Firewall - GFI mail security filter server  ---Exchange 2007 server


has anyone used https://www.startssl.com/ they have a free option!
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 2

Expert Comment

by:nytechnoguru
ID: 22842937
0
 
LVL 2

Expert Comment

by:nytechnoguru
ID: 22842964
Does your Exchange server currently host web mail?

I've never used STARTSSL before, so I can't offer adivce on that. I've only used Verisign and GoDaddy.
0
 
LVL 2

Expert Comment

by:nytechnoguru
ID: 22842979
This should help you out a little more:
http://technet.microsoft.com/en-us/library/aa995962.aspx
0
 
LVL 2

Author Comment

by:meteorelec
ID: 22843022
no web mail as yet
0
 

Expert Comment

by:rnekola
ID: 22843052
Only Verisign and GoDaddy here also.
0
 
LVL 2

Accepted Solution

by:
nytechnoguru earned 500 total points
ID: 22843527
I think it's a good idea to take a step back and start from simple. You should make sure that you can at least access OWA without SSL (not recommended to keep it that way, but for testing it works.) this will establish that your firewall is moving port 80 in/out correctly. You can then duplicate the firewall rule using port 443. You should be able to access OWA using HTTPS, but you'll get a certificate error if you haven't installed a new one.
You should use this process to create a CSR for your SSL certificate (Entrust is another cert provider, but I've never used them):
http://www.entrust.net/ssl-technical/msx2007/csr.cfm

0

Featured Post

The curse of the end user strikes again      

You’ve updated all your end user’s email signatures. Hooray! But guess what? They’re playing around with the HTML, adding stupid taglines and ruining the imagery. Find out how you can save your signatures from end users today.

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now