Hello, Our organization has multiple sites with multiple LANs associated with these sites. Each LAN has its own Exchange Server and each LAN is separated by a Firewall. We have been implementing Windows 2008 and Exchange 2010 into our 2003 Active Directory Forest in our test bed environment. I have noticed by looking at the firewall audit between LANs and Sites that the Exchange 2010 servers are attempting RPC connections (port 135) to each other. Our LANs are at different security levels and we generally do not allow Exchange servers to openly communicate with each other (we use a smart host to route mail). This was not an issue with 2003 because each server ran independent of all the others in our organization and did not have the newer "Roles" concept like Exchange 2010 does. Is there anyway to isolate all 2010 Exchange servers to their own LAN? I do not want them communicating with each other between Sites or within sites between LANs. I have found away to staticly set the Mail box servers to use a specific Hub transport server, but that's pretty much it. The RPC traffic getting denied by my firewalls is way too much to ignore and I would like to stop this communication at the Exchange Server Level if possible. Each of our test LAN 2010 Exchange servers have the CAS HUBT and MAILBOX roles installed, so they should not need any services from any other LAN exchange servers... Any Ideas?

From my understanding of the supportability of this, you can have firewalls between Exchange Servers, but only if they allow all the required traffic to flow between them. ( So kinda of a catch-22 there) http://technet.microsoft.com/en-us/library/bb331973.aspx

From my understanding of the supportability of this, you can have firewalls between Exchange Servers, but only if they allow all the required traffic to flow between them. ( So kinda of a catch-22 there) http://technet.microsoft.com/en-us/library/bb331973.aspx

Hi cambind, Any update for your issue? Regards! TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Gavin TechNet Community Support