mlc9 (MIS) (OP)
29 Feb 12 12:23
Running Exchange 2010 on a Windows 2008 R2 server. Our current Windows Firewall rules, specifically outbound rules, are pretty much out of the box. Overall, outbound is set to allow anything that doesn't match the rules.

A recent IT audit is leading us to only allow outbound traffic on the Exchange server that is necessary. My thought is to turn off the larger rule allowing everything that does not match the out-of-the-box outbound policies, while making sure that email can still function and get out as needed (i.e., outbound to the domain controller).

I can see the Microsoft documentation outlining every port/service that Exchange 2010 needs (transport needs, hub needs, etc), but am a bit intimidated by that. Can anybody recommend something that I can refer to that will give me the bare minimum of what I need outbound for Exchange 2010?

rjs (MIS)
1 Mar 12 14:03
Is it a single Exchange server (not front end/backend)?

mlc9 (MIS) (OP)
1 Mar 12 14:19
Yes, we are a small organization with only about 80-100 mailboxes on one Exchange 2010 server. Said Exchange is sitting on a virtual MS Server 2K8 box.

rjs (MIS)
1 Mar 12 14:25
You should just need SMTP for sending/receiving email. If you are doing more (web access, Outlook Anywhere), then you will need additional.

If you have a firewall (not on Exchange, but at your Internet connection), then Exchange should only have a local/internal IP address which is not accessible from the outside and the rules for access controlled there, not on Exchange.

mlc9 (MIS) (OP)
1 Mar 12 15:08
Well, the same Exchange server does serve up OWA as well. Also concerned with ports that need opened to talk to domain controller, etc. Thanks

rjs (MIS)
1 Mar 12 15:14
You can configure the firewall on Exchange to only block/control connections outside. So the firewall state for "Public Networks" would be on, but the one for Internal networks is off.

You can also just create a rule which allows all to your domain controller (by IP address).
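
The approach discussed in this thread (allow everything to the domain controller by IP, allow outbound SMTP, then change the default outbound action to block), sketched with `netsh advfirewall` on Windows Server 2008 R2. This is an added example, not something posted by a thread participant. The DC address, backup path and rule names are placeholders, and it assumes the DC is also the server's DNS resolver and that inbound is still at its default of block.

```powershell
# Added example. Run from an elevated PowerShell prompt on the Exchange server.
$DcIp   = '192.0.2.10'                       # placeholder: your domain controller's IP
$Backup = 'C:\fw-before-outbound-block.wfw'  # placeholder: backup file path

# 1. Save the current policy first. Roll back with:
#      netsh advfirewall import C:\fw-before-outbound-block.wfw
netsh advfirewall export $Backup

# 2. Log dropped connections so anything the new policy breaks is visible.
#    Default log: %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log
netsh advfirewall set allprofiles logging droppedconnections enable

# 3. Allow all outbound traffic to the domain controller, matched by IP.
#    Covers AD traffic, and DNS only if the DC is also the DNS server (assumption).
netsh advfirewall firewall add rule name=Exch-Out-DC-All dir=out action=allow remoteip=$DcIp

# 4. Allow outbound SMTP so mail can still leave the server.
netsh advfirewall firewall add rule name=Exch-Out-SMTP dir=out action=allow protocol=TCP remoteport=25

# 5. Change the default outbound action from allow to block on every profile.
#    The value is quoted so PowerShell passes it to netsh as a single argument.
netsh advfirewall set allprofiles firewallpolicy 'blockinbound,blockoutbound'

# 6. Confirm the policy, then review outbound drops to find anything still needed.
netsh advfirewall show allprofiles
Select-String -Path "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log" `
              -Pattern 'DROP.*SEND' | Select-Object -Last 20
```

OWA is served over inbound connections, and replies to allowed inbound connections are permitted statefully, so it needs no outbound rule of its own. Each destination that shows up in the drop log and turns out to be required gets its own narrow allow rule.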
