Arie

You will need to have access to your Exchange servers so you can tell them to use static ports for the Information Store and Directory services. Create your TCP rpc-mapper on port 135. Then you tell the FW to allow those ports. Here is a step by step.

1. Define a TCP service rpc-mapper on port 135.

2. Configure Microsoft Exchange server to use a specific port(s) you choose (above 1024). This may be done by modifying the registry on the server machine (the machine running Microsoft Exchange) as follows:

For Directory Services:
i. Start Registry Editor (Regedt32.exe).
ii. Under the HKEY_LOCAL_MACHINE subtree, go to the following subkey:
SYSTEM\CurrentControlSet\Services\MSExchangeDS\Parameters\TCP/IPport
iii. Add the following registry value: TCP/IP port as DWORD value (16 bits), specifying the port to be used.
iv. Quit Registry Editor.

For Information Store the procedure is similar. Just modify a different key:
i. Start Registry Editor (Regedt32.exe).
ii. Under the HKEY_LOCAL_MACHINE subtree, go to the following subkey:
SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem\TCP/IPport
iii. Add the following registry value TCP/IP port as DWORD (16 bit number) value, specifying the port to be used.
iv. Quit Registry Editor.

3. Enable the rpc-mapper and port(s) you configured (in the registry) in the rule base, in the Client to Exchange server direction.

-----Original Message-----
From: Arie Gilboa [mailto:[email protected]]
Sent: Sunday, March 11, 2001 10:56 PM
To: '[email protected]'
Subject: ExChange-Outlook via Firewall

I have FW-1 4.1 and I would like to allow access to an Exchange 5.5 server via Outlook. Is the built-in MSexchange service enough? Which are the minimal rules which should be allowed?

In case I use IKE VPN on my Firewall, there are properties about IKE and IPSEC regeneration periods, and I would like to reduce the default values (10080, 3600). Are there any recommendations for these values?

Thanks,
Arie Gilboa
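
Added example, not part of the original email thread: a Python check that reads a regedit export of the two keys from step 2 and derives the minimal TCP port list for the rule in step 3 (rpc-mapper plus the two static ports). The sample export and its port numbers are constructed, and the code assumes the value is named `TCP/IP port` and sits directly under the `Parameters` and `ParametersSystem` keys.

```python
import re

# Constructed sample: a regedit export of the two values the steps above create.
# The port numbers (50000, 50001) are illustrative, not from the original message.
SAMPLE_REG = r'''
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeDS\Parameters]
"TCP/IP port"=dword:0000c350

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem]
"TCP/IP port"=dword:0000c351
'''

SERVICES = {"MSExchangeDS": "Directory", "MSExchangeIS": "Information Store"}
RPC_MAPPER = 135

def static_ports(reg_text):
    """Return {service: port} for each 'TCP/IP port' value found in a .reg export."""
    ports, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        key = re.match(r'\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\(\w+)\\', line)
        if line.startswith("["):
            current = key.group(1) if key and key.group(1) in SERVICES else None
            continue
        val = re.match(r'"TCP/IP port"=dword:([0-9a-fA-F]{8})$', line)
        if current and val:
            ports[current] = int(val.group(1), 16)  # .reg DWORDs are hexadecimal
    return ports

def allowed_tcp_ports(reg_text):
    """Ports to permit client -> Exchange: rpc-mapper plus both static ports."""
    ports = static_ports(reg_text)
    missing = set(SERVICES) - set(ports)
    if missing:
        raise ValueError(f"no static port set for: {sorted(missing)}")
    for svc, port in ports.items():
        if not 1024 < port <= 0xFFFF:
            raise ValueError(f"{svc}: port {port} is not a 16-bit value above 1024")
    if len(set(ports.values())) != len(ports):
        raise ValueError("Directory and Information Store must use different ports")
    return sorted({RPC_MAPPER, *ports.values()})

if __name__ == "__main__":
    print(allowed_tcp_ports(SAMPLE_REG))
```

A missing value, a port at or below 1024, or the same port on both services raises `ValueError`, so a rule is never built from an incomplete registry change.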