
Re: [FW-1] How to allow Exchange access



I am making some good progress.  Here is the new rule that works for me:
Src = Exchange client
Dst = Exchange Server
Service = MSExchange, MSExchange-v5.5, MSExchange-RemoteAdmin,
MSExchange-RemoteAdmin, DCE-RPC
Action = Permit.

Now my client can use Outlook for their Exchange services.

Got a question.  Do you also have another rule to allow from the Exchange
server to the client on UDP ports above 1023?  Seems to me that the Exchange
server uses that to notify the client of new mail, and this connection is not
covered by my new rule.  Any comments?

Thanks.

-raymond


At 09:52 AM 10/12/01 +0100, you wrote:
>Hi,
>
>You use DCE-RPC along with MSExchange in a single rule.  Details of how it
>works are within the dcerpc.def file in $FWDIR/lib.
>
>Believe me, it works.
>
>Regards,
>
>M.
>
>-----Original Message-----
>From: Raymond N [mailto:[email protected]]
>Sent: 12 October 2001 01:35
>To: Parkin, Miles
>Cc: [email protected]
>Subject: RE: [FW-1] How to allow Exchange access
>
>
>Would you mind going into a bit of detail about what "DCE-RPC" is, and how
>I use it to allow the Exchange traffic?
>
>Thanks.
>
>At 07:39 AM 10/11/01 +0100, you wrote:
>>Sorry, meant "DCE-RPC"!!!!
>>
>>M
>>
>>
>>Hi,
>>
>>I have done this using the MS-RPC along with the MSExchange.  Have a lot
>>more items in the rule, so you may also have to allow part of the "NBT" set
>>through.
>>
>>Not sure what version of server we are running, but all works fine.
>>
>>Hope this helps,
>>
>>Regards,
>>
>>Miles.
>>
>>-----Original Message-----
>>From: Raymond N [mailto:[email protected]]
>>Sent: 11 October 2001 01:47
>>To: [email protected]
>>Subject: [FW-1] How to allow Exchange access
>>
>>
>>Hi there,
>>
>>I am using Firewall-1 4.1 SP4.  I want an NT client workstation in network-A
>>to be able to access the MS Exchange server in network-B, where the CP
>>firewall is in between.  The Exchange server is v5.5.  No network address
>>translation.
>>
>>I know that there are pre-defined services "MSExchange", "MSExchange-v5.5",
>>"MSExchange-RemoteAdmin", "MSExchange-RemoteAdmin-v5.5" and
>>"MSExchange-SiteConnector".  What is needed in my situation?  And what
>>should the rule(s) look like?
>>
>>I try this:
>>source = network-a
>>destination = network-b
>>service = all MSExchange service defined above
>>action = accept
>>
>>It doesn't work.  From the log, I see that my client is trying to talk to
>>the server on tcp port 2400, and is being dropped.  I suppose using those
>>pre-defined resources can eliminate the need to open all the >1023 TCP
>>ports, isn't it?
>>
>>Please help.
>>
>>-raymond ([email protected])
>>
>>
>>===========================================================================
>>     To unsubscribe from this mailing list, please see the instructions at
>>               http://www.checkpoint.com/services/mailing.html
>>===========================================================================
>>
>>
>
>




 