Quicklist for Intradomain Communications Between Back-end and Front-end Exchange Servers

From Jason Jones at http://forums.isaserver.org/m_2002027876/mpage_1/k…

==============================================================

Assuming FE in DMZ (domain member), BE on LAN (domain member).
Route relationship between DMZ and LAN (to allow intradomain)
Rules needed:

Front-End Exchange servers => Domain Controllers

DNS

Kerberos-Adm (UDP)

Kerberos-Sec (TCP)

Kerberos-Sec (UDP)

LDAP

LDAP (UDP)

LDAP GC (Global Catalog)

Microsoft CIFS (TCP)

Microsoft CIFS (UDP)

NTP

Ping

RPC (all interfaces)

Front-End Exchange servers => Back-End Exchange servers

HTTP

IMAP4

POP3

SMTP

Exchange Link State Routing (TCP691)

RPC over HTTP Information Store (TCP6001)

RPC over HTTP DSReferral (TCP6002)

RPC over HTTP DSProxy (TCP6004)

Back-End Exchange servers => Front-End Exchange servers

Exchange ActiveSync Direct Push (UDP2883)

==============================================================

HTH,

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org

Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7


MVP — Microsoft Firewalls (ISA)
