We are in the process of configuring SSL VPN, we have enabled MS outlook to be available for VPN users thru tunneling. our SSL VPN box is in DMZ, and right now traffic is enabled for port any to any from VPN box to our Backend exchange server which is in different zone and vice-versa.
As part of security, we want only to enable those port which is required to get outlook working thru RPC from SSL VPN box to exchange serrver and vice-versa.
Our Exchange Farm:
Front end server in DMZ (Web mail configured)
Backend server in Server Zone
No RPC over HTTPs configured