Re: [FW-1] How to allow Exchange access



From a Microsoft perspective, this isn't the recommended solution.  This
sounds like you are trying to gain access to the Exchange server via RPC,
(RPC over IP) through the firewall.  Did you also know you can also send and
receive messages through the POP3 and IMAP protocols as well as the native
SMTP?  This means as long as you have the Exchange server set up to use POP3
as an additional protocol, you can then open up your port 110 through the
firewall and users outside of the firewall can connect to the server (much
the same as an ISP does).  I forget how to set up all of the details but I
do know it is supported, documented, and works.  You can search the M$ site
for POP3 and you will find the technet article that will guide you.

By opening up RPC, you will be further exposing yourself to vulnerabilities
that could be unforeseen.   What I mean is you should really investigate
what damage a hacker could do once he scans you and finds RPC open to the
Exchange server and what vulnerabilities could be exploited by using common
hacking tools.



Scott Moore, MCSE 4.0/2000, MCT, MCP+I, CCSA, CCA

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]]On Behalf Of
Raymond N
Sent: Thursday, October 11, 2001 8:35 PM
To: [email protected]
Subject: Re: [FW-1] How to allow Exchange access


Would you mind going into a bit of detail about what "DCE-RPC" is, and how
I use it to allow the Exchange traffic?

Thanks.

At 07:39 AM 10/11/01 +0100, you wrote:
>Sorry, meant "DCE-RPC"!!!!
>
>M
>
>
>Hi,
>
>I have done this using the MS-RPC along with the MSExchange.  Have a lot
>more items in the rule, so you may also have to allow part of the "NBT" set
>through.
>
>Not sure what version of server we are running, but all works fine.
>
>Hope this helps,
>
>Regards,
>
>Miles.
>
>-----Original Message-----
>From: Raymond N [mailto:[email protected]]
>Sent: 11 October 2001 01:47
>To: [email protected]
>Subject: [FW-1] How to allow Exchange access
>
>
>Hi there,
>
>I am using Firewall-1 4.1 SP4.  I want an NT client workstation in network-A
>to be able to access the MS Exchange server in network-B, where the CP
>firewall is in between.  The Exchange server is v5.5.  No network address
>translation.
>
>I know that there is pre-defined services "MSExchange", "MSExchange-v5.5",
>"MSExchange-RemoteAdmin", "MSExchange-RemoteAdmin-v5.5" and
>"MSExchange-SiteConnector".  What is needed in my situation?  And how should
>the rule(s) look?
>
>I tried this:
>source = network-a
>destination = network-b
>service = all MSExchange service defined above
>action = accept
>
>It doesn't work.  From the log, I see that my client is trying to talk to
>the server on tcp port 2400, and is being dropped.  I suppose using those
>pre-defined resources can eliminate the need to open all the >1023 TCP
>ports, can't it?
>
>Please help.
>
>-raymond ([email protected])
>
>
>================================================================================
>     To unsubscribe from this mailing list, please see the instructions at
>               http://www.checkpoint.com/services/mailing.html
>================================================================================
>
>
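
The symptom in the original question (a rule accepting the Exchange services, yet drops on TCP 2400) can be confirmed from exported logs; this is an added example, not part of the thread and not Check Point's log format. It assumes a constructed CSV export in chronological order, hypothetical addresses for network-A and the Exchange server, and relies on the general behaviour of MS-RPC: the client first contacts the endpoint mapper on TCP 135 and is then directed to a dynamically assigned port.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample export (not real FW-1 output); addresses are hypothetical.
SAMPLE_LOG = """action,src,dst,proto,dport
accept,10.1.0.21,10.2.0.5,tcp,135
drop,10.1.0.21,10.2.0.5,tcp,2400
drop,10.1.0.21,10.2.0.5,tcp,2400
accept,10.1.0.22,10.2.0.5,tcp,135
drop,10.1.0.22,10.2.0.5,tcp,2401
drop,10.9.9.9,10.2.0.5,tcp,2400
accept,10.1.0.21,10.2.0.9,tcp,80
"""

NETWORK_A = ipaddress.ip_network("10.1.0.0/16")  # assumed client network
EXCHANGE = ipaddress.ip_address("10.2.0.5")      # assumed Exchange server
EPMAP_PORT = 135                                 # RPC endpoint mapper


def dropped_rpc_followups(log_text):
    """Return {(client, port): drop count} for high-port drops to the Exchange
    server from network-A clients already accepted on TCP 135.
    Rows are assumed to be in chronological order."""
    mapped_clients = set()
    drops = Counter()
    for row in csv.DictReader(io.StringIO(log_text)):
        src = ipaddress.ip_address(row["src"])
        dst = ipaddress.ip_address(row["dst"])
        port = int(row["dport"])
        # Only TCP traffic from network-A to the Exchange server is relevant.
        if dst != EXCHANGE or src not in NETWORK_A or row["proto"] != "tcp":
            continue
        if row["action"] == "accept" and port == EPMAP_PORT:
            mapped_clients.add(src)
        elif row["action"] == "drop" and port > 1023 and src in mapped_clients:
            drops[(str(src), port)] += 1
    return dict(drops)


def ports_to_review(log_text):
    """Sorted distinct dynamic ports the rule base is currently dropping."""
    return sorted({port for _, port in dropped_rpc_followups(log_text)})


if __name__ == "__main__":
    for (client, port), n in sorted(dropped_rpc_followups(SAMPLE_LOG).items()):
        print(f"{client} -> {EXCHANGE} tcp/{port}: {n} drop(s) after port 135 accept")
```

Drops that follow an accepted port 135 connection from the same client indicate that the firewall is not tracking the dynamically assigned RPC port, which matches the behaviour described in the question.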