Exchange/AD Firewall question

[adfreek]

Hello,

We're at a client in the early design stages of an Exchange 5.5 to Exchange 2003 migration. All of the NT 4.0 user domains have been upgraded to AD. There is forest root domain, then two child domains (Domain A & Domain B). All of the 5.5 servers will be consolidated to a 4 node active/passive cluster which will reside in Domain A. The issue we have is that because of security concerns at the retail stores where users live in Domain B, a firewall is in the middle of domain A and Domain B. There are no rules for traffice going from A - B, however, there are fw rule sets for traffic originating from domain b heading to domain A or the forest root.

I need to come up with a listing of protocols and ports that I will need to ensure are opened up for all mail activity which originates from users desktops which reside in Domain B (i.e. user launched Outlook to read mail from a mailbox that lives on cluster in domain A). Also, we'll place a GC server in domain b.

This seems like an ugly setup, but the client stated the FW must stay in place.

Any ideas?

Thanks