Ports opening in Firewall
Hello team,
We are deploying Exchange 2010, Lync 2010 IM chat and AD in our internal network, and we have TMG 2010 as a reverse proxy for publishing Exchange and Lync to the external world.
We need to understand which ports need to be opened in the internal firewall and the external firewall for Exchange 2010, Lync 2010 IM chat and Active Directory so that clients can access them both internally and externally.
I have already read the TechNet articles on the port details for Exchange and Lync but I am still not very clear on it. Could you please provide only the exact ports and port numbers that need to be opened? Since this is the banking sector,
we are very keen on which ports are opened, for security purposes.
I found the port details below for AD internally, but I still want the Exchange 2010 and Lync communication ports, internal and external.
UDP Port 88 for Kerberos authentication
UDP and TCP Port 135 for domain controllers-to-domain controller and client to domain controller operations.
TCP Port 139 and UDP 138 for File Replication Service between domain controllers.
UDP Port 389 for LDAP to handle normal queries from client computers to the domain controllers.
TCP and UDP Port 445 for File Replication Service
TCP and UDP Port 464 for Kerberos Password Change
TCP Port 3268 and 3269 for Global Catalog from client to domain controller.
TCP and UDP Port 53 for DNS from client to domain controller and domain controller to domain controller.
Exchange Queries
April 1st, 2012 2:52pm
I recommend that you post the Lync questions to the Lync forum.
How are you deploying TMG, with one, two or three NICs, and to which networks are they connected? Will the TMG be domain-joined, or are you planning to use some other authentication method, like LDAP?
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
April 1st, 2012 3:53pm
Planning to deploy the TMG in workgroup mode with 2 NICs. I need the port details to be allowed for Exchange on the internal and external firewalls.
Exchange Queries
April 1st, 2012 10:43pm
Consider landing the internal leg into your internal network and making the TMG servers domain members, as it makes some parts of this easier. But it isn't required to do what you want.
From the Internet, all you strictly need is TCP 443 HTTPS. You can allow port TCP 80 HTTP, but I would do that only for redirecting it to HTTPS, and that function is best performed on the TMG server.
From the TMG server into the internal network, if you go through a firewall, all you need is TCP 443 HTTPS, plus whatever you're using for authentication, which is probably TCP 389 LDAP to whatever domain controllers you designate and configure into TMG for that purpose.
If you're going to use TMG to publish IMAP or POP, add those ports. I recommend you stick with the SSL versions of those protocols, so you're looking at ports 995 and 993, and don't forget 587 for client SMTP submission.
If you're going to pass SMTP through the TMG, add port 25, but there's probably no compelling reason to do that.
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
April 3rd, 2012 1:54am
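The port matrix from the answer above (Internet to TMG on 443; TMG to the internal network on 443 plus LDAP 389 to the designated domain controllers; the optional mail ports) and the AD port list from the question, turned into a small audit script. This is an added example, not code from the original thread or from Microsoft; the zone names ("internet", "tmg", "cas", "dc", "internal"), the rule tuple shape and the hostnames are assumptions made for illustration. It does two things a firewall reviewer in this situation wants: compare a proposed rule set against the minimal set and flag anything extra or cleartext, and probe a host for which TCP ports actually answer, so the diagram can be checked against reality.

```python
"""Audit a proposed firewall rule set against the minimal Exchange 2010 / TMG
port matrix, and probe a host to see which TCP ports actually answer.

Added example; zone names, rule tuples and hostnames are assumptions."""
import socket
from typing import Callable, Dict, Iterable, Set, Tuple

Flow = Tuple[str, str, str, int]  # (source zone, destination zone, protocol, port)

# Strictly required for publishing Exchange through TMG, per the answer:
# Internet -> TMG external leg on 443; TMG -> Client Access on 443;
# TMG -> designated domain controllers on LDAP 389 for authentication.
REQUIRED_FLOWS: Set[Flow] = {
    ("internet", "tmg", "tcp", 443),
    ("tmg", "cas", "tcp", 443),
    ("tmg", "dc", "tcp", 389),
}

# Named in the answer as optional; add only the ones you actually publish.
OPTIONAL_FLOWS: Set[Flow] = {
    ("internet", "tmg", "tcp", 80),    # only to redirect HTTP -> HTTPS on TMG
    ("internet", "tmg", "tcp", 993),   # IMAP over SSL
    ("internet", "tmg", "tcp", 995),   # POP3 over SSL
    ("internet", "tmg", "tcp", 587),   # client SMTP submission
    ("internet", "tmg", "tcp", 25),    # SMTP through TMG; rarely needed
}

# Internal AD traffic as listed in the question. The question does not say
# for every port whether the source is a client or another DC, so the source
# zone is just "internal" here (assumption).
AD_INTERNAL_FLOWS: Set[Flow] = {
    ("internal", "dc", "udp", 88),
    ("internal", "dc", "tcp", 135), ("internal", "dc", "udp", 135),
    ("internal", "dc", "tcp", 139), ("internal", "dc", "udp", 138),
    ("internal", "dc", "udp", 389),
    ("internal", "dc", "tcp", 445), ("internal", "dc", "udp", 445),
    ("internal", "dc", "tcp", 464), ("internal", "dc", "udp", 464),
    ("internal", "dc", "tcp", 3268), ("internal", "dc", "tcp", 3269),
    ("internal", "dc", "tcp", 53), ("internal", "dc", "udp", 53),
}

# Ports that carry credentials or mail unencrypted. TCP 389 from TMG to the
# DCs is what the answer suggests; it is flagged here so the reviewer decides
# deliberately whether that leg is trusted or should use LDAP over SSL (636).
CLEARTEXT_PORTS = {25, 80, 110, 143, 389}


def audit_rules(rules: Iterable[Flow],
                required: Set[Flow] = REQUIRED_FLOWS,
                optional: Set[Flow] = OPTIONAL_FLOWS) -> Dict[str, Set[Flow]]:
    """Return required flows that are missing, rules outside the allowed
    set (the ones a bank's change board should question), and any rule that
    opens a cleartext port."""
    ruleset = set(rules)
    return {
        "missing": required - ruleset,
        "unexpected": ruleset - required - optional,
        "cleartext": {f for f in ruleset if f[3] in CLEARTEXT_PORTS},
    }


def tcp_reachable(host: str, port: int, timeout: float = 2.0,
                  connect: Callable = socket.create_connection) -> bool:
    """True if a TCP handshake to host:port completes. `connect` is
    injectable so the logic can be exercised without a network."""
    try:
        with connect((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def probe(host: str, ports: Iterable[int],
          connect: Callable = socket.create_connection) -> Dict[int, bool]:
    """Map each port to whether it answered; run from the Internet side
    against the TMG external address to confirm only 443 is exposed."""
    return {p: tcp_reachable(host, p, connect=connect) for p in ports}


if __name__ == "__main__":
    # Constructed rule set: 443 present, 25 added, the LDAP leg forgotten,
    # and RDP opened from the Internet by mistake.
    proposed = {("internet", "tmg", "tcp", 443), ("tmg", "cas", "tcp", 443),
                ("internet", "tmg", "tcp", 25), ("internet", "tmg", "tcp", 3389)}
    for key, flows in audit_rules(proposed).items():
        print(f"{key}: {sorted(flows)}")
    # Real probe (needs network); mail.example.test is a placeholder hostname.
    print(probe("mail.example.test", [80, 443, 25, 3389]))
```

Feed `audit_rules` the rule export from the actual internal and external firewalls (one tuple per rule) rather than the diagram; the interesting findings are always in the "unexpected" set. Run `probe` from a host outside the perimeter against the TMG external address before and after the change, and expect only 443 (and 80, if the redirect is published) to come back True.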
Which means only port 443 needs to be opened in the external firewall, and no other ports need to be opened for Exchange communication between the external world and vice versa if you are not using POP3 and IMAP4? Please confirm.
Exchange Queries
April 4th, 2012 3:51pm
That is correct. For Exchange client access from the Internet all traffic (OWA, EWS, Autodiscover, ActiveSync, Outlook Anywhere) runs over port 443.
April 4th, 2012 3:58pm