PIX and Email Server (Exchange 2000)

[rspencer]

Hello,

Looking at helping put in an Exchange Server (2000) for a company that wants it to sit behind a PIX Firewall. Would there be any things to watch for in implementing this email server?

I know that a static route will have to be punched through the PIX but i am not sure what ports need to be left open in order for their external users out on the road to access their mail?

Thanks.

 

[Flibble]

rspencer:

You will need to tie down the Exchange Server to utilise specific ports for its services. By default clients connect initially to a single port (135) and are then assigned a dynamic port to communicate on (much like the Unix portmapper service). By configuring the Exchange server you assign a static port mapping to ensure that the client-server communication takes place over your chosen port. This allows you to securely implement your security policy for the Exchange server. You should choose ports between 1025-65525, however, Microsoft recommend you do not choose ports immediately above 1024. We use ports above 30000 just to be on the safe side.

Flibble

 

[Guest_imported]

Any instruction for doing this?

Thanks
Patrick

 

[Flibble]

Sure:

http://www.microsoft.com/technet/security/exc10.asp

Flibble