Hyrbid Exchange online Firwall Ports open

I need to ensure about firewall port for hybrid configuration.

Do I need to allow port 25 and 443 for EOP IP's ----> to F5 VIP or Exchange On-premise IP Address itself?

Source  (VIP or Exchange on-Premise) --> Office 365 EOP IP's ? Ports needs to be open inbound only or Inbound and outbound for hybrid configuration?
Ali-Raza111Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hasin Ahmed ChoudharyExchange AdministratorCommented:
Do I need to allow port 25 and 443 for EOP IP's ----> to F5 VIP or Exchange On-premise IP Address itself?

IF all your name resolution for exchange server points to f5, you will definitely need port 25 (also 443 for other services) open for all EOP IPS.  The exchange should be able to make accept connection from F5, make sure f5 IP is no blocked at an exchange.

It is up to you to decide which Public IP you want to allow to connect to exchange server directly on port 25.

Source  (VIP or Exchange on-Premise) --> Office 365 EOP IP's ? Ports need to be open inbound only or Inbound and outbound for hybrid configuration?

This depends on your outbound mail flow. Does internet mail flow go through office 365?

For on-premise to office email, you need to contact Office EOP ip to make a connection on port 25 from your source server, so make sure that F5 is configured to allow connection from source on-prem server to EOP IP.  

This outbound connector works on DNS resolution,so you will have to provide complete list of EOP IP
0
Vasil Michev (MVP)Commented:
You need both the Exchange Online and the EOP ranges, as well as the "shared" O365 ranges as detailed in this article: https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#bkmk_exo

Port requirements are also explained in the above.
0
Todd NelsonSystems EngineerCommented:
Take a look at these references...



Do I need to allow port 25 and 443 for EOP IP's ----> to F5 VIP or Exchange On-premise IP Address itself?

Microsoft recommends that the connection between on premises Exchange and EOP be direct.  If you are using SMTP relay, 587 should be allowed as well.


Source  (VIP or Exchange on-Premise) --> Office 365 EOP IP's ? Ports needs to be open inbound only or Inbound and outbound for hybrid configuration?

Outbound.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ali-Raza111Author Commented:
Which direction must the ports be open in our local Network?
should this ports be open from internal to external or from external to internal Network? or just both directions?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Office

From novice to tech pro — start learning today.