Solved

How do I configure a firewall to allow mobile access to Microsoft Exchange 2007

Posted on 2008-10-30
Last Modified: 2012-05-05
Hi all,

I am currently looking into allowing mobile device access to our Exchange 2007 server for email access.
I plan on using our own certificates on the server and devices - if I figure out how to implement correctly - to allow for SSL connection. But how do I configure our firewall to pass the traffic to the Exchange server?

I already forward SMTP traffic on the firewall to an email spam/virus filter server which relays to the Exchange server, so could I have issues trying to bypass this server for mobile devices?
Question by:meteorelec
11 Comments
 
LVL 2

Expert Comment

by:nytechnoguru
ID: 22842414
Exchange mobile should communicate over the same SSL port (443) that OWA uses. Exchange mobile will not function correctly until you have certificates in place. You will probably save yourself a ton of time, effort, and headaches by purchasing an SSL cert from Verisign, etc. rather than implementing your own CA.
0
 

Expert Comment

by:rnekola
ID: 22842508
Would definitely agree with purchasing the SSL cert. Implemented my own and had issues. In setting my SSL up I also had to open ports 6001 (Information Store), 6002 (Directory referral) and 6004 (DSProxy) on my firewall.

0
 
LVL 2

Author Comment

by:meteorelec
ID: 22842661
Are they expensive from 3rd parties? I am just afraid of purchasing them then not being able to set it up correctly, as I have never done so before!
0
 
LVL 2

Expert Comment

by:nytechnoguru
ID: 22842845
It all depends on how the Exchange organization is set up. If there is an edge server involved then communication between edge and internal Exchange store needs to be established, but from the edge outwards ports 80 and 443 should be all that is needed.

Make sure to look for an Exchange compatible SSL cert so that it can secure the internal domain name as well as the external name if you are not using an edge server. They can be somewhat expensive, but it depends on who and what level of service you're expecting. GoDaddy has inexpensive ones if you need to play around, but Verisign has very expensive ones - not good to try out with. Although there is often a chance to redo the cert if there is a problem. Sometimes it's at little or no fee but only within a specified amount of time.
0
 
LVL 2

Author Comment

by:meteorelec
ID: 22842916
Hi, I am not using an edge server. I use GFI mail security in front of Exchange, but it's not in the DMZ.

my setup is as follows:


Router  - Firewall - GFI mail security filter server  ---Exchange 2007 server


Has anyone used https://www.startssl.com/? They have a free option!
0
 
LVL 2

Expert Comment

by:nytechnoguru
ID: 22842937
0
 
LVL 2

Expert Comment

by:nytechnoguru
ID: 22842964
Does your Exchange server currently host web mail?

I've never used STARTSSL before, so I can't offer advice on that. I've only used Verisign and GoDaddy.
0
 
LVL 2

Expert Comment

by:nytechnoguru
ID: 22842979
This should help you out a little more:
http://technet.microsoft.com/en-us/library/aa995962.aspx
0
 
LVL 2

Author Comment

by:meteorelec
ID: 22843022
No web mail as yet.
0
 

Expert Comment

by:rnekola
ID: 22843052
Only Verisign and GoDaddy here also.
0
 
LVL 2

Accepted Solution

by:
nytechnoguru earned 2000 total points
ID: 22843527
I think it's a good idea to take a step back and start from simple. You should make sure that you can at least access OWA without SSL (not recommended to keep it that way, but for testing it works). This will establish that your firewall is moving port 80 in/out correctly. You can then duplicate the firewall rule using port 443. You should be able to access OWA using HTTPS, but you'll get a certificate error if you haven't installed a new one.
You should use this process to create a CSR for your SSL certificate (Entrust is another cert provider, but I've never used them):
http://www.entrust.net/ssl-technical/msx2007/csr.cfm

0
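
The checks described in this thread (port 80, then 443, then a certificate that covers every name clients use), as an added example that is not part of the original posts. The host names and the `SAMPLE_CERT` data are constructed placeholders, and the function names are hypothetical.

```python
import socket
import ssl

def port_open(host, port, timeout=3.0):
    """True if the firewall passes a TCP connection to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def fetch_cert(host, port=443, timeout=5.0):
    """Return the validated server certificate as a dict. Raises
    ssl.SSLCertVerificationError for an untrusted or mismatched cert,
    which is the certificate error the answer says to expect."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

def _matches(pattern, name):
    pattern, name = pattern.lower(), name.lower()
    if pattern.startswith("*."):
        # A wildcard stands for exactly one left-most label.
        return "." in name and name.split(".", 1)[1] == pattern[2:]
    return pattern == name

def uncovered_names(cert, required):
    """Names in `required` that the certificate does not cover."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        # No SAN extension: fall back to the subject CN, as older clients do.
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    return [n for n in required if not any(_matches(p, n) for p in names)]

# Constructed sample in the dict shape getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "subjectAltName": (("DNS", "mail.example.com"),
                       ("DNS", "autodiscover.example.com")),
}

if __name__ == "__main__":
    # Hypothetical names: external OWA/ActiveSync name and internal server name.
    wanted = ["mail.example.com", "exch01.example.local"]
    print("not covered:", uncovered_names(SAMPLE_CERT, wanted))
    # Against a live server: port_open(host, 80), port_open(host, 443),
    # then uncovered_names(fetch_cert(host), wanted).
```

Run the live checks from a network outside the firewall, so the result reflects the forwarding rule rather than internal routing.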
