[Truestream]

Ok, I've searched around and all I've found is port 3101.

Let's say that you've got a last resort software firewall installed on the BES itself, what ports would I need to setup rules for in order for it to work properly with Exchange 07.

[x14]

No matter what kind or how many fw you have, you need 3101 to the SRP.

[southwestcomm]

Firewall on the BES? Isn't behind your corporate firewall or did you stick the box in your DMZ?

[x14]

Quote:

Originally Posted by southwestcomm

Firewall on the BES? Isn't behind your corporate firewall or did you stick the box in your DMZ?

Actually, one of the extreme security recommendation is to put each of the BES component behind a firewall and only allow the that component to talk to the next component.

[Truestream]

It is behind a firewall and out of the DMZ, but this is a last resort, kind of emergency measure we're testing out. I'm well aware of port 3101 to the SRP, but are there any other specific ports I'll need to setup rules for so that I can communicate with the Exchange Server (it's 07). Thanks.

[penguin3107]

Quote:

Originally Posted by Truestream

It is behind a firewall and out of the DMZ, but this is a last resort, kind of emergency measure we're testing out. I'm well aware of port 3101 to the SRP, but are there any other specific ports I'll need to setup rules for so that I can communicate with the Exchange Server (it's 07). Thanks.

Isn't your Exchange server on the same LAN as as your BES?
Why would you need a firewall between the two?
Honestly... I think you're making a mistake putting a software firewall on your BES. Seems like your overcomplicating your security model for no good reason.
Even if you absolutely insist on putting software firewall on a LAN server... why the BES? Wouldn't it make more sense to firewall the Exchange box? That's really where you'd want more protection against a hack anyway.

If you do indeed have a firewall between your BES and Exchange box.. then there's definitely going to be ports to open up to allow communication between the two servers.
Couldn't tell you what they are, since I don't know much about Exchange and this would also be the first time I've ever heard of anyone doing what you intend to do.

Doesn't make a whole lot of sense to me.

[Truestream]

Well, it isn't my idea, I was just asked to make it happen. I don't really have a choice in the matter, I totally agree that setting up a software firewall on the BES is absolutely useless.

[Drork]

hi
as far as I know you only need to open the srp port in fw goining out (LAN->Internet) meening no trafic from the interner can come in so there is no reson ading a software fw to the machine.

[hdawg]

In addition to 3101 Outbound initiated to srp.na.blackberry.net you'll need any port open that an Outlook client would need open to an Exchange mailbox server.

You'll also need requisite ports for Domain Controller / Global Catalog access, and access to SQL Server (port 1433 by default).