• Status: Solved

Accessing Outlook thru SSL VPN (port to be Enabled)

We are in the process of configuring SSL VPN, and we have enabled MS Outlook to be available for VPN users thru tunneling. Our SSL VPN box is in the DMZ, and right now traffic is enabled for port any to any from the VPN box to our backend Exchange server, which is in a different zone, and vice versa.

As part of security, we want to enable only those ports which are required to get Outlook working thru RPC from the SSL VPN box to the Exchange server and vice versa.

Our Exchange Farm:
Front end server in DMZ (Web mail configured)
Backend server in Server Zone
No RPC over HTTPS configured

If you are using a VPN, then all you need to open is the VPN port. No other ports need to be open to allow Exchange information to pass through, as it will all pass through the VPN port.

Hope that helps!

TJOSY (Author) commented:
That's from external to VPN box. My requirement is from VPN box to Exchange Server.

Oh ok...
Exchange uses a lot of ports!

A list of them is available here: http://www.petri.co.il/ports_used_by_exchange.htm

Hope that helps!

What you should do is remove the frontend server from the DMZ. Whatever your reason for putting it there, I can guarantee that it is wrong. It does nothing for your security and actually weakens it.

Put the frontend server inside, configure RPC over HTTPS. It only needs one port then - 443.
You could look at using SSL offloading, which would then only need port 80, but requires very careful configuration. A lot of people have problems with it, so they usually end up using conventional RPC over HTTPS with a certificate on the frontend server and just using the SSL VPN as an additional wrapper.
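
An added example, not part of the thread or any poster's code: a small Python audit of an exported rule list that flags rules between the VPN box and the Exchange server that are wider than the single port the last answer calls for (443, or 80 with SSL offloading). The addresses, rule names and rule format are constructed for illustration, and it assumes a stateful firewall.

```python
from ipaddress import ip_address, ip_network

VPN_BOX = ip_address("192.0.2.10")      # constructed: SSL VPN box in the DMZ
EXCHANGE = ip_address("198.51.100.20")  # constructed: server publishing RPC over HTTPS

RULES = [  # constructed rule export; the format is hypothetical
    {"name": "vpn-to-exch-any", "action": "allow", "src": "192.0.2.10/32",
     "dst": "198.51.100.20/32", "proto": "any", "ports": "any"},
    {"name": "exch-to-vpn-any", "action": "allow", "src": "198.51.100.20/32",
     "dst": "192.0.2.10/32", "proto": "any", "ports": "any"},
    {"name": "vpn-to-exch-https", "action": "allow", "src": "192.0.2.10/32",
     "dst": "198.51.100.20/32", "proto": "tcp", "ports": "443"},
]

def covers(spec, host):
    """True if a rule's address field ('any' or CIDR) includes host."""
    return spec == "any" or host in ip_network(spec, strict=False)

def port_range(spec):
    """Turn 'any', '443' or '1024-65535' into a (low, high) tuple."""
    if spec == "any":
        return (0, 65535)
    low, _, high = spec.partition("-")
    return (int(low), int(high or low))

def audit(rules, ssl_offload=False):
    """Return (rule name, reason) for allow rules wider than the one port needed."""
    needed = 80 if ssl_offload else 443  # per the answer: 443, or 80 with SSL offloading
    findings = []
    for r in rules:
        if r["action"] != "allow":
            continue
        if covers(r["src"], VPN_BOX) and covers(r["dst"], EXCHANGE):
            # Client-initiated direction: anything other than exactly tcp/needed is too wide.
            if r["proto"] != "tcp" or port_range(r["ports"]) != (needed, needed):
                findings.append((r["name"], f"only tcp/{needed} is needed"))
        elif covers(r["src"], EXCHANGE) and covers(r["dst"], VPN_BOX):
            # Assumption: stateful firewall, so reply traffic needs no rule of its own.
            findings.append((r["name"], "remove server-initiated rule"))
    return findings

if __name__ == "__main__":
    for name, reason in audit(RULES):
        print(f"{name}: {reason}")
```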

Question has a verified solution.
