Solved

How do i configure a firewall to allow mobile access to microsoft exchange 2007

Posted on 2008-10-30
11
274 Views
Last Modified: 2012-05-05
hi all

i am currently looking into allowing mobile device access to our exchange 2007 server for email access.
i plan on using our own certificates on the server and devices - if i figure out how to implement correctly- to allow for ssl connection. But how do i configure our firewall to pass the traffic to the exchange server?

I already forward smtp traffic on the firewall to an email spam /virus  filter server which relays to the exchange server -- so could i have issues trying to bypass this server for mobile devices?
0
Comment
Question by:meteorelec
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
  • 2
11 Comments
 
LVL 2

Expert Comment

by:nytechnoguru
ID: 22842414
Exchange mobile should communicate over the same SSL port (443) that OWA uses. Exchange mobile will not function correctly until you have certificates in place. You will probably save yourself a ton of time, effort, and headaches by purchasing a SSL cert from Verisign, etc. rather than implementing your own CA.
0
 

Expert Comment

by:rnekola
ID: 22842508
Would definatly agree with purchasing the SSL cert.  Implemented my own and had issues.  In setting my SSL up I also had to open ports 6001 (Information Store), 6002 (Directory referral) and 6004 (DSProxy) on my firewall.

0
 
LVL 2

Author Comment

by:meteorelec
ID: 22842661
are they expensive from 3rd parties? i am just afraid of purchasing them then not being able to set it up correctly as i have never done so before!
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 2

Expert Comment

by:nytechnoguru
ID: 22842845
It all depends on how the Exchange organization is setup. If there is an edge server involved then communication between edge and internal Exchange store needs to be established, but from the edge outwards ports 80 and 443 should be all that is needed.

Make sure to look for an Exchange compatible SSL cert so that is can secure the internal domain name as well as the external name if you are not using an edge server. They can be somewhat expensive, but it depends on who and what level of service you're expecting. GoDaddy has inexpensive ones if you need to play around, but Verisign has very expensive ones - not good to try out with. Although there is often a chance to redo the cert if there is a problem. Sometimes it's at little or no fee but only within a specified amount of time.
0
 
LVL 2

Author Comment

by:meteorelec
ID: 22842916
hi am not using an edge server, i use gfi mail security in front of exchange but its not in DMZ

my setup is as follows:


Router  - Firewall - GFI mail security filter server  ---Exchange 2007 server


has anyone used https://www.startssl.com/ they have a free option!
0
 
LVL 2

Expert Comment

by:nytechnoguru
ID: 22842937
0
 
LVL 2

Expert Comment

by:nytechnoguru
ID: 22842964
Does your Exchange server currently host web mail?

I've never used STARTSSL before, so I can't offer adivce on that. I've only used Verisign and GoDaddy.
0
 
LVL 2

Expert Comment

by:nytechnoguru
ID: 22842979
This should help you out a little more:
http://technet.microsoft.com/en-us/library/aa995962.aspx
0
 
LVL 2

Author Comment

by:meteorelec
ID: 22843022
no web mail as yet
0
 

Expert Comment

by:rnekola
ID: 22843052
Only Verisign and GoDaddy here also.
0
 
LVL 2

Accepted Solution

by:
nytechnoguru earned 500 total points
ID: 22843527
I think it's a good idea to take a step back and start from simple. You should make sure that you can at least access OWA without SSL (not recommended to keep it that way, but for testing it works.) this will establish that your firewall is moving port 80 in/out correctly. You can then duplicate the firewall rule using port 443. You should be able to access OWA using HTTPS, but you'll get a certificate error if you haven't installed a new one.
You should use this process to create a CSR for your SSL certificate (Entrust is another cert provider, but I've never used them):
http://www.entrust.net/ssl-technical/msx2007/csr.cfm

0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
how to add IIS SMTP to handle application/Scanner relays into office 365.

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question