
Wednesday, October 29, 2008

The ports you need open from the internal network and the DMZ for a HUB CAS server in the DMZ

I was doing some research on the connectivity between an Exchange Front-End, the Back-End and the DCs/GCs, and I found this article, which covers Event ID 2080 and what to look for regarding the reachability and state of the DCs/GCs:

http://support.microsoft.com/kb/316300/

 

Now, I was on the quest to find what ports we need open in order to deploy a Front-End server in the DMZ.

And these are my findings on the ports you need open:

· For RPC: 135 TCP and other Dynamic RPC ports for Windows RPC communication

· For LDAP: 389 TCP and 389 UDP for AD objects lookup to the DC

· For LDAP GC: 3268 TCP also for AD objects lookup to the DC/GC

· For Kerberos: 88 TCP and 88 UDP for authentication

· For DNS: 53 TCP and 53 UDP for name server lookups

 

…and of course ports 80, 443, and 25 for HTTP(S) and SMTP.

Autodiscover, OWA, EAS, Outlook Anywhere, WebDAV and Internet mail traffic are services that depend on these ports.

 

Other ports that might be important to open if you’re offering these services are:

· For POP3: 110 TCP for POP3 client access

· For POP3 secure: 995 TCP for POP3 secure client access

· For IMAP4: 143 TCP for IMAP4 client access

· For IMAP4 secure: 993 TCP for secure IMAP4 client access

 

Some additional ports worth noting:

· For SMB: 445 TCP for GPO support

· For BackupExec: 10000 TCP and other dynamic ports for BackupExec control signals
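The following is an added example, not part of the original post: it audits a DMZ-to-internal rule set against the RPC, LDAP, GC, Kerberos and DNS ports listed above, reporting required flows that no rule covers and rules that open more than the list needs. The rule text format, the function names `parse_rule` and `audit`, and the restricted dynamic RPC range 5000-5100 are assumptions made for illustration.

```python
# Added example: audit DMZ -> internal firewall rules against the post's port list.
# Rule format ("proto port" or "proto lo-hi") and the RPC range are assumptions.

# (proto, port) pairs the post lists for front-end -> DC/GC traffic.
REQUIRED = {
    ("tcp", 135): "RPC endpoint mapper",
    ("tcp", 389): "LDAP", ("udp", 389): "LDAP",
    ("tcp", 3268): "LDAP GC",
    ("tcp", 88): "Kerberos", ("udp", 88): "Kerberos",
    ("tcp", 53): "DNS", ("udp", 53): "DNS",
}

def parse_rule(text):
    """Parse 'tcp 389' or 'tcp 5000-5100' into (proto, low, high)."""
    proto, ports = text.lower().split()
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unknown protocol in rule: {text!r}")
    low, _, high = ports.partition("-")
    low, high = int(low), int(high or low)
    if not 0 < low <= high <= 65535:
        raise ValueError(f"bad port range in rule: {text!r}")
    return proto, low, high

def audit(rule_lines, rpc_dynamic=(5000, 5100)):
    """Return (missing, excess): required flows no rule covers, and rules
    that open ports outside the required list and the pinned RPC range."""
    rules = [parse_rule(r) for r in rule_lines]
    missing = [f"{p} {n} ({why})" for (p, n), why in REQUIRED.items()
               if not any(p == rp and lo <= n <= hi for rp, lo, hi in rules)]
    excess = []
    for proto, lo, hi in rules:
        allowed = {n for (p, n) in REQUIRED if p == proto}
        if proto == "tcp":  # dynamic RPC is TCP only; range value is constructed
            allowed |= set(range(rpc_dynamic[0], rpc_dynamic[1] + 1))
        extra = [n for n in range(lo, hi + 1) if n not in allowed]
        if extra:
            excess.append(f"{proto} {lo}-{hi}: {len(extra)} unneeded port(s)")
    return missing, excess

if __name__ == "__main__":
    # Constructed sample rule set, not taken from the post.
    sample = ["tcp 135", "tcp 389", "udp 389", "tcp 3268", "tcp 88",
              "udp 53", "tcp 53", "tcp 1024-65535"]
    missing, excess = audit(sample)
    print("missing:", missing)
    print("excess:", excess)
```

On the constructed sample, the audit reports that Kerberos over UDP is not covered and that the wide `tcp 1024-65535` rule opens far more than a pinned dynamic RPC range would.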

 

Some resources to check for more info:

http://support.microsoft.com/?kbid=154596 for RPC dynamic port allocation

http://technet.microsoft.com/en-us/library/bb331973.aspx for Exchange 2007 firewall requirements

http://seer.entsupport.symantec.com/docs/278944.htm for BackupExec configurations with firewalls

 

Peace brothers…

 

“make it so.”

- Captain Jean-Luc Picard, USS Enterprise, NCC 1701-D

 

Alessandro Squeo
SWC | TECHNOLOGY PARTNERS

 

1 comment:

USPC Net said...

Great blog Alessandro
