Solved

How do i configure a firewall to allow mobile access to microsoft exchange 2007

Posted on 2008-10-30
11
272 Views
Last Modified: 2012-05-05
hi all

i am currently looking into allowing mobile device access to our exchange 2007 server for email access.
i plan on using our own certificates on the server and devices - if i figure out how to implement correctly- to allow for ssl connection. But how do i configure our firewall to pass the traffic to the exchange server?

I already forward smtp traffic on the firewall to an email spam /virus  filter server which relays to the exchange server -- so could i have issues trying to bypass this server for mobile devices?
0
Comment
Question by:meteorelec
  • 6
  • 3
  • 2
11 Comments
 
LVL 2

Expert Comment

by:nytechnoguru
ID: 22842414
Exchange mobile should communicate over the same SSL port (443) that OWA uses. Exchange mobile will not function correctly until you have certificates in place. You will probably save yourself a ton of time, effort, and headaches by purchasing a SSL cert from Verisign, etc. rather than implementing your own CA.
0
 

Expert Comment

by:rnekola
ID: 22842508
Would definatly agree with purchasing the SSL cert.  Implemented my own and had issues.  In setting my SSL up I also had to open ports 6001 (Information Store), 6002 (Directory referral) and 6004 (DSProxy) on my firewall.

0
 
LVL 2

Author Comment

by:meteorelec
ID: 22842661
are they expensive from 3rd parties? i am just afraid of purchasing them then not being able to set it up correctly as i have never done so before!
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 2

Expert Comment

by:nytechnoguru
ID: 22842845
It all depends on how the Exchange organization is setup. If there is an edge server involved then communication between edge and internal Exchange store needs to be established, but from the edge outwards ports 80 and 443 should be all that is needed.

Make sure to look for an Exchange compatible SSL cert so that is can secure the internal domain name as well as the external name if you are not using an edge server. They can be somewhat expensive, but it depends on who and what level of service you're expecting. GoDaddy has inexpensive ones if you need to play around, but Verisign has very expensive ones - not good to try out with. Although there is often a chance to redo the cert if there is a problem. Sometimes it's at little or no fee but only within a specified amount of time.
0
 
LVL 2

Author Comment

by:meteorelec
ID: 22842916
hi am not using an edge server, i use gfi mail security in front of exchange but its not in DMZ

my setup is as follows:


Router  - Firewall - GFI mail security filter server  ---Exchange 2007 server


has anyone used https://www.startssl.com/ they have a free option!
0
 
LVL 2

Expert Comment

by:nytechnoguru
ID: 22842937
0
 
LVL 2

Expert Comment

by:nytechnoguru
ID: 22842964
Does your Exchange server currently host web mail?

I've never used STARTSSL before, so I can't offer adivce on that. I've only used Verisign and GoDaddy.
0
 
LVL 2

Expert Comment

by:nytechnoguru
ID: 22842979
This should help you out a little more:
http://technet.microsoft.com/en-us/library/aa995962.aspx
0
 
LVL 2

Author Comment

by:meteorelec
ID: 22843022
no web mail as yet
0
 

Expert Comment

by:rnekola
ID: 22843052
Only Verisign and GoDaddy here also.
0
 
LVL 2

Accepted Solution

by:
nytechnoguru earned 500 total points
ID: 22843527
I think it's a good idea to take a step back and start from simple. You should make sure that you can at least access OWA without SSL (not recommended to keep it that way, but for testing it works.) this will establish that your firewall is moving port 80 in/out correctly. You can then duplicate the firewall rule using port 443. You should be able to access OWA using HTTPS, but you'll get a certificate error if you haven't installed a new one.
You should use this process to create a CSR for your SSL certificate (Entrust is another cert provider, but I've never used them):
http://www.entrust.net/ssl-technical/msx2007/csr.cfm

0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question