OWA and DMZ

[Yardyy]

Hi all,

I have an IIS server in a DMZ, which access`s the Exchange server in the private lan, protected by Checkpoint NG FP2.

The problem is that the OWA seems to start using ports that i have allowed in the Firewall Rulebase, and starts randomly using different ports. This has happened about 4 times in the past three months, each time, i enable logging and allow the port on the firewall to the exchange server it works then for a few weeks, and then it stops using the ports and starts using some other ones, so i have to do the same all over again. Does anyone know what all the required ports are... Thanks in advance for any contribution made..

 

[scaine]

We'll shortly be using the exact same setup in our environment, Yardyy.

This sounds like it's related to the way RPC works - fairly randomly as I understand it (any port above 1024). RPC is something to do with DCOM, the way Microsoft servers communicate to each other for certain functions. Your OWA server will use it to communicate with your Exchange server in order to show the correct mailbox for example.

Microsoft servers from NT up have a registry kludge available which will tie down the RPC ports to just a few specified ports - this will prevent the server from randomly choosing another set of ports to communicate over.

The Microsoft Windows 2000 article is Q300083. Here's the link:

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q300083

Hopefully this will help tie down your rulebase to only the ports you specifiy to the server itself.

Apologies if your server isn't Windows 2000 - there is also an article somewhere for NT servers, but I didn't search for it.

 

[Yardyy]

Thanks for that, al try that when i get back into work, we do use NT4 servers, so am gonna have to search for it, if you have the link then that would be most appreciated, but thanks for the page, ... I hope your implemenatation goes well.


Yardyy Regards

Yardyy