Solved

SBS 2003 RWW/OMA - firewall port forwarding and security advice

Posted on 2009-05-17
Last Modified: 2013-12-02
I would be grateful for some clarification and advice - I am in the process of planning to use Outlook Mobile Access and then Remote Web Workplace on my SBS 2003 server (1 NIC), which has 5 client computers.

My setup is a Netgear DG834G modem/router > Netgear FVS318 hardware firewall (my ISP doesn't use PPPoE) > server/client computers on the 192.168.x.x LAN.

I would like to try to use OMA using my Blackberry and in the near future when I get an offsite machine, use RWW. Before I do this I would appreciate some advice: -

1. To forward the necessary ports to the server, will I have to forward the ports on both the router and hardware firewall to the server, or just the router?
2. Although I understand that SSL can be used, is it just the strength of the passwords that will protect the server from unauthorised access from the internet?

Thanks for your help.
0
Question by:CSHTech
5 Comments
 
LVL 8

Expert Comment

by:Perry_IDITC
ID: 24406513
Hi,

When you forward the ports you need to configure it in such a way that communication is possible from the internet to the server on the required ports. So if you have 2 firewalls in the way like a hardware one and the Windows firewall, you will need to forward the port on the hardware firewall then open the port on the Windows firewall.

Using SSL is a really good idea. It encrypts communication between your mobile device and the server, so passwords and such are not as open to man-in-the-middle attacks. You can either buy an SSL from GoDaddy or somewhere for your server or create your own. It is a better idea to buy an SSL because it will automatically be trusted and less configuration is required. Also you might want to consider using the BlackBerry Professional Software (10 BlackBerrys max) or Enterprise Software (unlimited BlackBerrys) so the calendar and contacts will sync in addition to the e-mails.

Cheers,
Perry
0
 

Author Comment

by:CSHTech
ID: 24407025
Thanks for your reply.

I've added the forwarding rules to the router and hardware firewall. I've also run the CEICW again and ticked OWA, OMA etc (although got the popup that the firewall could not be configured - possibly because I only have 1 NIC?) but cannot reach OWA, OMA, or Exchange via //:servername/owa in the IE address bar. I keep getting "Internet Explorer cannot display the webpage".

Any thoughts?
0
 
LVL 8

Accepted Solution

by:
Perry_IDITC earned 300 total points
ID: 24407087
Things you need to check:

DNS: both internal and external (if you are going to use it remotely). Make sure your server is set up as a DNS server and is configured properly.
Firewalls: make sure ports 80, 443, 25 and 4125 are open or are on the allowed list.
Make sure IIS is started
Exchange is configured right?
Are you able to view the oma page by http://192.168.x.x/OMA or http://servername/OMA not OWA?
0
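
The firewall and DNS items in the checklist above can be checked from a workstation with a short script. This is an added example, not part of the thread or written by either poster; it assumes Python 3 is available, and the function names and port labels are hypothetical choices made here.

```python
import socket
import sys

# Ports from the accepted answer's checklist; labels are added for readability.
REQUIRED_PORTS = {25: "SMTP", 80: "HTTP", 443: "HTTPS", 4125: "RWW"}

def probe(host, port, timeout=3.0):
    """Classify one TCP port as open, closed, filtered or dns-failure."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "dns-failure"   # name does not resolve: fix DNS first
    except ConnectionRefusedError:
        return "closed"        # host answered, nothing is listening
    except OSError:
        return "filtered"      # timeout or unreachable: dropped on the way

def scan(host, ports=REQUIRED_PORTS, timeout=3.0):
    """Probe every port on one address; return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}

def diagnose(lan_state, wan_state):
    """Name the layer to check from the LAN-side and internet-side states."""
    if lan_state != "open":
        return "server: service stopped or Windows firewall blocking"
    if wan_state == "dns-failure":
        return "external DNS: public name does not resolve"
    if wan_state != "open":
        return "perimeter: port not forwarded on router or hardware firewall"
    return "ok"

if __name__ == "__main__":
    # Usage: check_ports.py <host> [ports seen open from the LAN, e.g. 80,443]
    # Run once on the LAN against the server's address, then from an outside
    # connection against the public name, passing the LAN-open ports along.
    if len(sys.argv) < 2:
        sys.exit("usage: check_ports.py <host> [lan-open-ports]")
    lan_open = {int(p) for p in sys.argv[2].split(",")} if len(sys.argv) > 2 else None
    for port, state in scan(sys.argv[1]).items():
        hint = ""
        if lan_open is not None:
            hint = diagnose("open" if port in lan_open else "closed", state)
        print(f"{port:>5} {REQUIRED_PORTS[port]:<5} {state:<11} {hint}")
```

The outside run matters because many NAT routers do not loop connections to their own public address back into the LAN, so probing the public name from inside can fail even when forwarding is correct.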
 

Author Comment

by:CSHTech
ID: 24407372
Everything checks on your list. When I log in either on the LAN using http://servername/oma or using my mobile with http://dnsname.oma, I get the error message:-

"Your account is not configured for wireless access"  

...which on checking Google has something to do with Exchange, but I'm a bit lost at this point.....any help much appreciated.
0
 

Author Closing Comment

by:CSHTech
ID: 31582335
Perry, thanks for your help. The latest issue should be the subject of another question, so I've awarded the points now.
0
