Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Exchange & Outbound Firewall rules

Status
Not open for further replies.
mlc9

mlc9

MIS
Aug 15, 2007
255
US
Running Exchange 2010 on a Windows 2008 R2 server. Our current Windows Firewall rules, specifically outbound rules, are pretty much out of the box. Overall, outbound is set to allow anything that doesn't match the rules.

A recent IT audit is leading us to only allow Outbound traffic on the Exchange server that is necessary. My thought is to turn off the larger rule allowing everything that does not match the out of the box outbound policies, while making sure that email can still function and get out as needed (ie; outbound to the domain controller).

I can see the Microsoft documentation outlining every port/service that Exchange 2010 needs (transport needs, hub needs, etc), but am a bit intimidated by that. Can anybody recommend something that I can refer to that will give me the bare minimum of what I need outbound for Exchange 2010?
 
Sort by date Sort by votes
Is it a single Exchange server (not front end/backend)?
 
Upvote 0 Downvote
Yes, we are a small organization with only about 80-100 mailboxes on one Exchange 2010 server. Said Exchange is sitting on a virtual MS Server 2K8 box.
 
Upvote 0 Downvote
You should just need SMTP for sending/receiving email. If you are doing more (web access, outlook anywhere), then you will need additional.

If you have a firewall (not on exchange, but at your Internet connection), then Exchange should only have a local/internal IP address which is not accessible from the outside and the rules for access controlled there, not on exchange.
 
Upvote 0 Downvote
Well, the same Exchange server does serve up OWA as well. Also concerned with ports that need opened to talk to domain controller, etc. Thanks
 
Upvote 0 Downvote
You can configure the firewall on Exchange to only block/control connections outside. So the firewall state for "Public Networks" would be on, but the one for Internal networks is off.

You can also just create a rule which allows all to your domain controller (by IP address).
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

PatrickRoggers
  • Locked
  • Helpful tip
Safest Way to Import PST file into Exchange Online
Replies
0
Views
2K
PatrickRoggers
PatrickRoggers
T
  • Locked
  • Question
How to use third party mail security gateway to scan internal/inter-domain mails in Exchange On-Premise?
Replies
3
Views
2K
DrB0b
DrB0b
ComputersUnlimited
  • Locked
  • Question
Migrating to Exchange 2019
Replies
0
Views
2K
ComputersUnlimited
ComputersUnlimited
Brent Fletcher
  • Locked
  • Question
Exchange rule to remove "✉" icon when it appears in a subject title from a supplier
Replies
0
Views
2K
Brent Fletcher
Brent Fletcher
stanlyn
  • Locked
  • Question
How to do Certificates on MultiDomain Exchange with Least Cost
Replies
1
Views
2K
Wesaf
Wesaf

Part and Inventory Search

Sponsor

Back
Top