Hi Exchange Online experts,
In our environment we have Exchange 2016 CU20, and we are using Cisco IronPort as an email security gateway, so any email that comes from outside to inside must pass via IronPort.
And any email that goes from inside to outside must go via IronPort.
Now we are planning to configure a long-term hybrid configuration with Exchange Online, and I read that to enjoy a full long-term hybrid configuration you need to open not just port 443 on the firewall but also port 25 (and I got to know that the only supported approach is to use Microsoft Edge Transport). I am not sure about this info.
Note: we don't want to use the Hybrid Agent because our target is to have long-term coexistence.
So my questions:
- How can I reach my target while continuing to use IronPort as the main email security gateway and enjoying a full long-term hybrid configuration?
- Our firewall admin does not like to open port 25 on the firewall. Do I have to explain something special to him?
Note: we also need to use hybrid modern authentication.
Please take a look at the attached photos, and if you need any more info to answer me, please let me know.

As for port 443, your system needs to be reverse proxied to Office 365 so that the hybrid connection can be fully established. Office 365 needs a web services connection to your internal systems so that it can create move requests.
All outbound communication is on either port 25 or port 443. Port 80 is not used between your on-prem Exchange server and Office 365.