Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 283
  • Last Modified:

How do i configure a firewall to allow mobile access to microsoft exchange 2007

hi all

i am currently looking into allowing mobile device access to our exchange 2007 server for email access.
i plan on using our own certificates on the server and devices - if i figure out how to implement correctly- to allow for ssl connection. But how do i configure our firewall to pass the traffic to the exchange server?

I already forward smtp traffic on the firewall to an email spam /virus  filter server which relays to the exchange server -- so could i have issues trying to bypass this server for mobile devices?
0
meteorelec
Asked:
meteorelec
  • 6
  • 3
  • 2
1 Solution
 
nytechnoguruCommented:
Exchange mobile should communicate over the same SSL port (443) that OWA uses. Exchange mobile will not function correctly until you have certificates in place. You will probably save yourself a ton of time, effort, and headaches by purchasing a SSL cert from Verisign, etc. rather than implementing your own CA.
0
 
rnekolaCommented:
Would definatly agree with purchasing the SSL cert.  Implemented my own and had issues.  In setting my SSL up I also had to open ports 6001 (Information Store), 6002 (Directory referral) and 6004 (DSProxy) on my firewall.

0
 
meteorelecAuthor Commented:
are they expensive from 3rd parties? i am just afraid of purchasing them then not being able to set it up correctly as i have never done so before!
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 
nytechnoguruCommented:
It all depends on how the Exchange organization is setup. If there is an edge server involved then communication between edge and internal Exchange store needs to be established, but from the edge outwards ports 80 and 443 should be all that is needed.

Make sure to look for an Exchange compatible SSL cert so that is can secure the internal domain name as well as the external name if you are not using an edge server. They can be somewhat expensive, but it depends on who and what level of service you're expecting. GoDaddy has inexpensive ones if you need to play around, but Verisign has very expensive ones - not good to try out with. Although there is often a chance to redo the cert if there is a problem. Sometimes it's at little or no fee but only within a specified amount of time.
0
 
meteorelecAuthor Commented:
hi am not using an edge server, i use gfi mail security in front of exchange but its not in DMZ

my setup is as follows:


Router  - Firewall - GFI mail security filter server  ---Exchange 2007 server


has anyone used https://www.startssl.com/ they have a free option!
0
 
nytechnoguruCommented:
Does your Exchange server currently host web mail?

I've never used STARTSSL before, so I can't offer adivce on that. I've only used Verisign and GoDaddy.
0
 
nytechnoguruCommented:
This should help you out a little more:
http://technet.microsoft.com/en-us/library/aa995962.aspx
0
 
meteorelecAuthor Commented:
no web mail as yet
0
 
rnekolaCommented:
Only Verisign and GoDaddy here also.
0
 
nytechnoguruCommented:
I think it's a good idea to take a step back and start from simple. You should make sure that you can at least access OWA without SSL (not recommended to keep it that way, but for testing it works.) this will establish that your firewall is moving port 80 in/out correctly. You can then duplicate the firewall rule using port 443. You should be able to access OWA using HTTPS, but you'll get a certificate error if you haven't installed a new one.
You should use this process to create a CSR for your SSL certificate (Entrust is another cert provider, but I've never used them):
http://www.entrust.net/ssl-technical/msx2007/csr.cfm

0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

  • 6
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now