Exchange 2013 connection with Outlook

Dear Experts,

I have Exchange 2013 running with FortiGate dynamic DNS.
I have configured a smart host relay to send on its behalf. I also set up an email gateway, since our ISP blocks port 25.

The problem is, I only want to give users an Exchange connection from their devices if they are on the same internal network.
But if they connect from outside the network, they should not be able to connect their Outlook to my Exchange server.
The only way they should be able to connect to Exchange 2013 from outside is through VPN, and only after the VPN connection is established.

But the problem is that when the users are connected to another network, they can still access the Exchange server and send and receive emails.

Please help me sort out this issue, as my management does not want any external connection to Exchange.

Thanks and regards,
Raneesh A
Asked by Raneesh A (IT Engineer)
Miguel Angel Perez Muñoz commented:
You can set up your Exchange firewall to block Outlook connections from external networks. You only need to permit all traffic from the internal IP subnet and block the Outlook ports from external IP addresses: http://blogs.technet.com/b/exchange/archive/2013/02/18/exchange-firewalls-and-support-oh-my.aspx
0
Raneesh A (IT Engineer), author, commented:
If I do so, will the internal users still be able to send/receive emails to outside addresses (like Gmail, Yahoo)?
0
Miguel Angel Perez Muñoz commented:
Yes, but you must review your configuration first. It is a good idea to allow only the required traffic and block the rest:

In case your SMTP virtual server uses an external DNS server, your firewall must allow this traffic; otherwise you can block it.
In case your organization requires OWA, allow TCP port 443.
Ensure your external send/receive connector (usually TCP port 25) is open on the firewall.

Other traffic may be blocked from outside.
0


Raneesh A (IT Engineer), author, commented:
I disabled all the port forwarding except for port 26, since my port 25 is blocked by the ISP and the 3rd-party app is receiving my emails on 25 and forwarding them to me on port 26.

But the issue is, when I disconnect my LAN and connect to Wi-Fi (which is a different network), my Exchange is not connecting. Yes, it is working.
But when I tried after connecting to the VPN, I was still not able to connect to Exchange. I tried to ping the IP and it works fine,
but when I tried to ping the Exchange server using the FQDN, it goes to DynDNS.

So I put an entry in the hosts file to point the domain to the internal IP, and it is working fine now:
19.168.0.15 exchange.xyz.com

Now Outlook can connect to the server if the VPN is connected.

But I want to ask you if this is good practice, or do I have to do some other setting without hosts entries?

Please advise me.
0
Miguel Angel Perez Muñoz commented:
"But when I tried after connecting to the VPN, I was still not able to connect to Exchange. I tried to ping the IP and it works fine."
It is possible your VPN is blocking traffic to Exchange. Review your config.
"But when I tried to ping the Exchange server using the FQDN, it goes to DynDNS." What??? Are you using your internal name on the Internet with some kind of alias? I suggest you use an internal name different from the external one to avoid these problems.
"But I want to ask you if this is good practice, or do I have to do some other setting without hosts entries?" I don't understand your problem exactly. You are connecting using the external name from internal and it does not work; this is normal. You must use the internal name, no matter whether you are accessing from the LAN or the VPN.
0
Raneesh A (IT Engineer), author, commented:
OK, I understand the issue. My internal and external FQDN names are the same.
0
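The hosts-file entry in the thread works on one machine only and has to be repeated (and later cleaned up) on every client. The usual fix when the internal and external FQDN are the same is split DNS: the internal DNS server answers exchange.xyz.com with the LAN address while the public DynDNS record keeps answering with the WAN address. The script below is an added example written for this page, not something posted in the thread or taken from Microsoft's documentation. It assumes an internal Windows DNS server named dc1.xyz.com, an Exchange LAN address of 192.168.0.15, and that it is run from the Exchange 2013 Management Shell on a machine that has the DnsServer RSAT module; all three are assumptions, substitute your own values. It first lists every hostname Exchange actually publishes to clients, since Outlook 2013 reaches Exchange over HTTPS (Outlook Anywhere, port 443, the same port OWA uses) and Autodiscover may hand out more than one name; it then creates a "pinpoint" zone for each name and verifies the answer from the internal resolver.

```powershell
# Added example (not from the original thread): replace the per-client hosts-file
# entry with split-DNS pinpoint zones on the internal Windows DNS server, after
# auditing which hostnames Exchange 2013 publishes to Outlook and Autodiscover.
# Run from the Exchange Management Shell with the DnsServer RSAT module installed.
$DnsServer  = 'dc1.xyz.com'    # ASSUMED: internal AD-integrated DNS server
$InternalIP = '192.168.0.15'   # ASSUMED: Exchange server LAN address

Import-Module DnsServer

# --- 1. Which names does Exchange hand to clients? ----------------------------
# Every one of these must resolve to the LAN address for LAN and VPN clients.
$oa = Get-OutlookAnywhere
$published = @($oa.InternalHostname, $oa.ExternalHostname)
foreach ($cas in Get-ClientAccessServer) {
    $published += $cas.AutoDiscoverServiceInternalUri
}
foreach ($cmd in 'Get-OwaVirtualDirectory', 'Get-EcpVirtualDirectory',
                 'Get-WebServicesVirtualDirectory', 'Get-OabVirtualDirectory',
                 'Get-ActiveSyncVirtualDirectory') {
    foreach ($vd in (& $cmd)) {
        $published += $vd.InternalUrl, $vd.ExternalUrl
    }
}

# Normalise to bare hostnames: virtual directories return URIs, Outlook Anywhere
# returns bare names, and some values may be empty.
$hostnames = $published |
    Where-Object { $_ } |
    ForEach-Object {
        $s = "$_"
        if ($s -notmatch '^[A-Za-z]+://') { $s = "https://$s" }
        ([uri]$s).Host.ToLower()
    } |
    Sort-Object -Unique

"Exchange publishes these hostnames: $($hostnames -join ', ')"

# --- 2. One pinpoint zone per published hostname ------------------------------
# A zone named exactly like the host, with an A record at the zone apex ('@'),
# overrides only that name; everything else under xyz.com still resolves via the
# public DynDNS record, so the rest of the public domain is untouched.
foreach ($h in $hostnames) {
    if (-not (Get-DnsServerZone -Name $h -ComputerName $DnsServer -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -Name $h -ReplicationScope Domain -ComputerName $DnsServer
    }
    $existing = Get-DnsServerResourceRecord -ZoneName $h -RRType A -ComputerName $DnsServer -ErrorAction SilentlyContinue
    $already  = $existing | Where-Object { $_.RecordData.IPv4Address.IPAddressToString -eq $InternalIP }
    if (-not $already) {
        Add-DnsServerResourceRecordA -ZoneName $h -Name '@' -IPv4Address $InternalIP -ComputerName $DnsServer
    }
}

# --- 3. Verify the internal resolver now answers with the LAN address ---------
foreach ($h in $hostnames) {
    $answers = Resolve-DnsName -Name $h -Type A -Server $DnsServer -ErrorAction SilentlyContinue |
               Where-Object { $_.IPAddress }
    if ($answers.IPAddress -contains $InternalIP) {
        '{0,-40} OK -> {1}' -f $h, $InternalIP
    } else {
        '{0,-40} STILL EXTERNAL -> {1}' -f $h, (($answers.IPAddress) -join ', ')
    }
}
```

After the verification step shows OK for each name, delete the line from the client's hosts file and run ipconfig /flushdns so the client picks up the DNS answer instead of the cached hosts entry. Two caveats that follow from the thread: the VPN must still permit TCP 443 to the internal address (the Exchange 2013 Outlook path), or the name change alone will not help; and because Outlook and OWA share port 443, a FortiGate rule that forwards 443 from the WAN for OWA also admits Outlook, so if management wants no external Outlook access at all, the 443 forward from the WAN has to go and OWA is reached over the VPN as well.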