Firewall ports I can close

corecc
corecc used Ask the Experts™
on
Hi,

I have a SBS 2008 server but reasonatly I moved to a Google apps so do not use the exchange functionality. I currenty opened the default ports on my firewall recommended by MS. Ports 25, 80, 443 , 987 and 1723. I also do not use a VPN. I have a client who is reviewing my securiy and they wants me to close all these ports. Will this affect anything and how unsafe is it to have these ports open?

Regards

Baz
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018
Commented:
Ports 25, 80 and 987 are email and internet. Ports 443 and 1723 are for some VPN and if you do not use it, you can close them.

... Thinkpads_User

Commented:
If you do not need access to that server from the outside, then the ports should be safe to close.  Closing the ports should not affect internal access to the server.

Port 25 = mail traffic
Ports 80 and 443 = web traffic
Port 1723 = VPN traffic
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
As I look again at port 443 (SSL VPN) it can be used for other secure sites, so take care about closing it. You probably can, but just check the outcome. .... Thinkpads_User
Acronis in Gartner 2019 MQ for datacenter backup

It is an honor to be featured in Gartner 2019 Magic Quadrant for Datacenter Backup and Recovery Solutions. Gartner’s MQ sets a high standard and earning a place on their grid is a great affirmation that Acronis is delivering on our mission to protect all data, apps, and systems.

Author

Commented:
mmahaek, if ports 80 and 443 are for web traffic and I close them will it stop internet access?

And will it stop logmein working
You are not using Exchange server as you said and also will not use VPN as you said. So you can also these ports. Because now there is not use of them. But port number 80 and 443 is also use for webservers. be sure, you are also not it as webserver.
Commented:
80 and 443 are for incoming web access.  These would have been to allow outside access to OWA for your Exchange.  If you are no longer hosting your own e-mail, it should not be a problem.

The firewall protects incoming traffic.  Closing the ports will not stop users from getting out to the Internet.
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
If you close off port 80 it will stop web traffic. That seems to me to be unnecissarily restrictive. You probably can safely leave 443 open without big issue. I do not have issues with ports 80 or 443 at my clients (Juniper Netscreen Firewalls). .... Thinkpads_User

Commented:
neil40m does have a point - 80 and 443 are safe to close if you are not running any other web sites on the server.

25 is safe to close if you do not have a e-mail server running.

987 and 1723 are safe to close if you don't host VPN.
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018
Commented:
I use port 987 for email (not Exchange), so be careful of that one too as it may affect other users. .... Thinkpads_User

Author

Commented:
Thanks for you advise

Commented:
Further research - TCP 987 is used by SBS for HTTPS access to SharePoint services in the Remote Web Workspace.

http://technet.microsoft.com/en-us/library/sbs-2008-install-worksheet(v=ws.10).aspx

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial