Raneesh A
asked on
Exchange 2013 connection with outlook
Dear Experts,
I have an exchange 2013 running with fortigate Dynamic DNS.
I have configured smart host relay to send on behalf. Also setup email gateway since our isp blocks port 25.
The problem is, i only want give exchange connection from their devices if they are on the same internal network.
But if they connect outside the network they cannot connect their outlook to my exchange server.
Only way they can connect to exchange 2013 outside is through VPN. only after vpn network is established.
But the problem is when the users are connected to another network they still can access the exchange server and they can send and receive emails.
please help me in sorting out this issue as my management doesn't want any external connection to exchange.
Thanks and Regards
Raneesh.A
I have an exchange 2013 running with fortigate Dynamic DNS.
I have configured smart host relay to send on behalf. Also setup email gateway since our isp blocks port 25.
The problem is, i only want give exchange connection from their devices if they are on the same internal network.
But if they connect outside the network they cannot connect their outlook to my exchange server.
Only way they can connect to exchange 2013 outside is through VPN. only after vpn network is established.
But the problem is when the users are connected to another network they still can access the exchange server and they can send and receive emails.
please help me in sorting out this issue as my management doesn't want any external connection to exchange.
Thanks and Regards
Raneesh.A
Miguel Angel Perez Muñoz
You can setup your Exchange firewall to block Outlook connections from external networks. You only need to permit all traffic from internal IP subnet, and block Outlook ports from external IP address: http://blogs.technet.com/b/exchange/archive/2013/02/18/exchange-firewalls-and-support-oh-my.aspx
ASKER
If i do so can the internal users able to send/receive emails to outside (like gmail,yahoo).. ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I disabled all the port forwarding except for port 26 since my port 25 is blocked by ISP and the 3rd party app is receiving my emails on 25 and forwarding to me on port 26.
But the issue is when i disconnect my lan and connect to wifi (which is no different network) my exchange is not connecting. Yes it is working.
But when i tried after connecting to VPN still i am not able to connect to exchnage. I tried to ping to ip and it is working fine.
but i tried to ping to exchange server using fqdn it is going to dyndns.
So i put the entry in the hosts to forward all the domain to internal ip and it is working fyn now.
19.168.0.15 exchange.xyz.com
No the exchange can connect to server if vpn is connected.
But i want to ask you if this is a good practice or do i have to any other setting without host entries.
please advice me.
But the issue is when i disconnect my lan and connect to wifi (which is no different network) my exchange is not connecting. Yes it is working.
But when i tried after connecting to VPN still i am not able to connect to exchnage. I tried to ping to ip and it is working fine.
but i tried to ping to exchange server using fqdn it is going to dyndns.
So i put the entry in the hosts to forward all the domain to internal ip and it is working fyn now.
19.168.0.15 exchange.xyz.com
No the exchange can connect to server if vpn is connected.
But i want to ask you if this is a good practice or do i have to any other setting without host entries.
please advice me.
But when i tried after connecting to VPN still i am not able to connect to exchnage. I tried to ping to ip and it is working fine.
It is possible your VPN is blocking traffic to Exchange. Review your config.
but i tried to ping to exchange server using fqdn it is going to dyndns. What??? Are you using your internal name on internet with any kind of alias? I suggest you use internal name different from external to avoid this problems.
But i want to ask you if this is a good practice or do i have to any other setting without host entries. I don´t understand exactly your problem. You are connecting using external name from internal and not work, this is normal, you must to use internal, doesn´t matter you are accessing from LAN or VPN.
It is possible your VPN is blocking traffic to Exchange. Review your config.
but i tried to ping to exchange server using fqdn it is going to dyndns. What??? Are you using your internal name on internet with any kind of alias? I suggest you use internal name different from external to avoid this problems.
But i want to ask you if this is a good practice or do i have to any other setting without host entries. I don´t understand exactly your problem. You are connecting using external name from internal and not work, this is normal, you must to use internal, doesn´t matter you are accessing from LAN or VPN.
ASKER
Ok I understand the issue. My internal and external fqdn name is same.