Microsoft Exchange Server 2003

Appendix C: TCP/IP Ports Used by Exchange

It is common to encounter a requirement to allow access to mailboxes on Exchange servers through a firewall, perhaps to accommodate the needs of traveling users who wish to connect across the public Internet without a VPN. In this scenario, you have a front-end server placed in the DMZ to accept incoming requests from clients and relay them onward to the mailbox server. Firewalls are in place to control external traffic into the DMZ and from the DMZ to the internal network. To make this all work, you need to understand the ports used by Exchange and other associated components in order to define what ports to open on each firewall. In most cases, you use Outlook Web Access as the client, although you can take the same approach with Outlook 2003 when it connects to Exchange over HTTP.

The situation is simple enough on the external-facing firewall, since all you have to open are ports 80 and 443 to allow HTTP and HTTP-SSL traffic.

Many more ports are involved when communicating from the Exchange front-end server to the mailbox server through the firewall from the DMZ to the internal network, as shown in the following chart.

| Source | Destination | Port/Protocol | Description |
|---|---|---|---|
| Exchange Front-End Server | Exchange Mailbox Server | 80/TCP (HTTP-basic) | Relayed HTTP traffic. Note that even if the client connection is secured by SSL, the front-end server communicates with the back-end server in clear mode (no use of SSL). |
| Exchange Front-End Server | Active Directory Domain Controller | 389/TCP (LDAP) | |
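The sketch below is an added example, not part of the original appendix. It audits a constructed rule list for both firewalls against the flows named on this page and reports rules that are wider than the chart requires. The host-role labels (`front-end`, `mailbox`, `domain-controller`) and the `Rule` layout are assumptions, and because the chart is cut off after the LDAP row the baseline is partial, so unmatched rules are reported for review rather than as violations.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    firewall: str   # "external" (Internet -> DMZ) or "internal" (DMZ -> LAN)
    src: str        # host role label (assumed naming), or "any"
    dst: str
    ports: range    # inclusive range written as range(lo, hi + 1)
    proto: str = "tcp"

# Flows stated on the page. The internal chart is truncated after the LDAP
# row, so this baseline is partial, not the complete port list.
DOCUMENTED = {
    ("external", "any", "front-end", 80),
    ("external", "any", "front-end", 443),
    ("internal", "front-end", "mailbox", 80),
    ("internal", "front-end", "domain-controller", 389),
}

def audit(rules):
    """Return (findings, missing): a verdict per rule, and documented flows no rule permits."""
    findings, covered = [], set()
    for r in rules:
        hits = {f for f in DOCUMENTED
                if f[0] == r.firewall and r.proto == "tcp" and f[3] in r.ports
                and r.src in (f[1], "any") and r.dst in (f[2], "any")}
        covered |= hits
        if not hits:
            verdict = "review: not in the rows shown on the page"
        elif len(r.ports) > 1 or any((r.src, r.dst) != (f[1], f[2]) for f in hits):
            verdict = "too broad: narrow to exact hosts and a single port"
        else:
            verdict = "ok"
        findings.append((r, verdict))
    return findings, DOCUMENTED - covered

# Constructed sample rule set (not taken from any real firewall).
RULES = [
    Rule("external", "any", "front-end", range(80, 81)),
    Rule("external", "any", "front-end", range(443, 444)),
    Rule("internal", "front-end", "mailbox", range(80, 81)),
    Rule("internal", "any", "domain-controller", range(389, 390)),  # any DMZ host
    Rule("internal", "front-end", "mailbox", range(443, 444)),      # hop is plain HTTP
]

if __name__ == "__main__":
    findings, missing = audit(RULES)
    for rule, verdict in findings:
        print(f"{rule.firewall:8} {rule.src:>9} -> {rule.dst:17} "
              f"{rule.ports.start}-{rule.ports.stop - 1}/{rule.proto}: {verdict}")
    print("documented flows with no matching rule:", sorted(missing))
```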
