Link to home
Get AccessLog in
Avatar of LB1234

asked on

Ports for Activesync?

I need to allow iphones to connect to Exchange 2013 via wifi.  Assuming i was starting with every port locked down, what kind of ports would i have to enable to make this work?  DNS, DHCP, SMTP, HTTP, HTTPS, anything else?  Thanks.
Avatar of Kimputer

Link to home
This content is only available to members.
To access this content, you must be a member of Experts Exchange.
Get Access
Avatar of LB1234


Kim, not 587?  I'm using the exchange mail applet built into the iphone.
No, 587 is authenticated SMTP, which is meant for iPhones to send out email in a REGULAR mail client (pop/imap).
If you add a proper EXCHANGE account (which you just stated you will use), ALL DATA travels over the same protocol, including sending mails (your now really SENDING mails, you're just TELLING the server to send the mail, and you are already having a conversation at ActiveSync level, which means you don't need SMTP to send emails).
Doesn't that mean you are opening up your LAN to all kinds of https traffic?

Eg why doesn't activesync use a different port than 443?
In newer Exchange versions, all data passes port 80 and 443, whether you use Outlook locally, or Activesync on a mobile somewhere outside. Since this is a conscious design by Microsoft, I don't think you can hack your way around it, and even if you did, the client wouldn't understand it anymore.

It doesn't mean you open op your LAN to all kinds of HTTPS traffic, if you use the correct rules, (specify correct port numbers, source/target IP numbers etc).