cgtyoder

asked on

Changing WAN port for Outlook Web Access

Running MS Exchange Server 2003 (6.5) SP2 on Windows 2000 Server SP4.  Users inside the building have access at http://mailserver/exchange (port 80), and I want to allow users to access OWA through the firewall through port mapping at some obscure port.  However, if I map a public port, say, 23844 to port 80 on the mail server, OWA outside the firewall doesn't work.  What other mappings do I need to get this to work?  Thanks for the help.
zelron22

First, have you changed the NAT to point that port to the OWA server?

Second, be aware that if OWA isn't port 80, Active Sync won't work.
cgtyoder

ASKER

Currently, I have the OWA server port changed to port n, and our public IP port n, so there is no change of port in the port mapping from the public IP to the private IP of the OWA server.  If I change the OWA server back to port 80, and change the firewall port mapping to point from port n on the public IP to port 80 on the private IP, then OWA does not function outside the firewall.

Is ActiveSync required for OWA to work?  If not, I don't need that to function outside the firewall.
OWA doesn't respond well to being used on another port.
You don't get security by obscurity. If you want to secure the deployment, use an SSL certificate and only open port 443.

-M
Active Sync isn't required for OWA to work.  But if down the road, your boss says, "Hey, I have this new (insert current hot PDA here) and I want to get my email on it", you may want to be able to tell him "yes" without mucking about with changes you made months ago.

Mestha is, as usual, correct that the best choice would be to get an SSL cert.  Thawte and Verisign have them for only a couple hundred dollars per year.
I realize that using SSL is preferable to a non-encrypted port (security actually IS about obscurity, but that debate is for another time), but this is what I want to do.

Can you be more specific about "OWA doesn't respond well to being used on another port"?  I am using OWA without a problem now, on my non-80 port.  The problem arises when I try to map port 80 internally to another port externally thru the NAT'd firewall.
You can get an SSL certificate for US$30/year from GoDaddy which works fine.
As for OWA, I have just seen it not behave correctly on any other port. I put it back to 80/443 and it behaves.

Moving to an alternative port slows down an attacker for what, 20 seconds, if that. All it does is annoy the users as they have to remember some random port number.

-M
ASKER CERTIFIED SOLUTION
Heiko Bialozyt
This solution is only available to members.