• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 383
  • Last Modified:

Exchange won't work with new firewall

As part of a move to a new building we are going to stop using our own firewall and have the university provide us that service.  We have tested de-activating our current firewall rules and NAT and having the university activate them on their side.  Every time we've tested, exchange does not work externally, but  I can send and receive emails inside our network.  The only firewall rules that I had on our firewall was for http, https and smtp.  We do use webmail as well - but that should be covered under the https/smtp ports.

The university looked at their firewall and didn't see any traffic coming in our out.  I found an error in the event viewer that said exchange unable to find underlying transport and listed the tcp/udp port of 47001.  There has never been a firewall rule for that.

Any ideas what rules would be needed/what the issue might be?  As part of this change I also have to change the default gateway from our firewall to the university's gateway.  I do that on the network properties... is this in Exchange some place?
0
cindyfiller
Asked:
cindyfiller
  • 3
  • 3
1 Solution
 
Gary DewrellSenior Network AdministratorCommented:
By any chance is the firewall a Cisco? If so have them look at the FixUp protocals.
0
 
s3e3Commented:
What version of Exchange are you running?

Hop on the exchange server with remote desktop or console and test to see if smtp port is open by running the following command:

telnet aspmx.l.google.com 25

If port 25 outbound is open you should see a google mail server respond.
If you do not see a google mail server respond the firewall is not allowing you out. Do you have internet access from the email server?

The gateway is set on the microsoft networking adapter settings.

You are correct, the only 2 inbound ports you need is 443 and port 25 inbound.
0
 
cindyfillerAuthor Commented:
I have exchange 2010 and yes we are trying to set up the rules on a Cisco firewall.  What does the FixUp protocols do - see if there are errors in the rules?

I did try the telnet, but I don't think I have telnet installed as its not a recognized command.  I can add that and try it again.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
Gary DewrellSenior Network AdministratorCommented:
Take a look at this article.

http://support.microsoft.com/kb/320027

It will explain the issue.
0
 
cindyfillerAuthor Commented:
I have our university checking out the firewall for this article.  Very interesting!
0
 
Gary DewrellSenior Network AdministratorCommented:
Been caught by this one several time! :)
Almost always is the problem.

Have a great day!
0
 
cindyfillerAuthor Commented:
It turns out the article referenced above was not the issue, but I think it is the solution for others.  I'm awarding points based on that.  We ended up having to finese the firewall rules that had been created.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now