BES is outbound - just don't block outbound and you're fine. You're blocking inbound for OWA/BIS, which is what he said in an earlier post.
-- Jonathan Evenden Director of IT Consulting MCP - Microsoft Certified Professional TNTMAX, LLC. Technology Solutions by Design 010101000100111001010100011011010110000101111000 (201) 891-8686 Main (201) 891-4672 Fax jeven...@tntmax.com 253 Madison Ave, Wyckoff, NJ 07481 http://www.tntmax.com __________________________________________________________________ NOTICE OF CONFIDENTIALITY The information contained in this transmission is confidential and may be privileged and/or contain confidential information that is legally protected by state and federal law. This information is intended only for the use of the individual or organization to whom it is addressed. If it is not meant for you please notify the sender immediately by telephone so arrangements may be made to return the documents or destroy them. Use, disclosure, distribution or copying of documents transmitted to you in error is strictly prohibited. Thank you. From: bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of Darhl Thomason Sent: Tuesday, July 20, 2010 1:43 PM To: A list for BES Admin's to discuss issues, etc. Subject: Re: [Bes-admins] Prevent personal Blackberriesfrom accessing company email HDawg, Your post shows these addresses as the BIS servers: BIS IP Range 206.51.26.0/24 193.109.81.0/24 204.187.87.0/24 206.53.144.0/20 216.9.240.0/20 67.233.64.0/19 93.186.16.0/20 68.171.224.0/19 Another post on your site http://www.port3101.org/featured-blackberry-kb-articles/793-kb03735-fire wall-connection-requirements-blackberry-enterprise-server.html shows the same IP range for BES: BES IP Range 206.51.26.0 /24 193.109.81.0/24 204.187.87.0/24 216.9.240.0/20 206.53.144.0/20 67.223.64.0/19 93.186.16.0/20 68.171.224.0/19 Which means that I can't block those IP's or BES stops working as well. Back to the drawing board... Darhl Thomason | SysAdmin | Business Technology Papa Murphy's Int'l. | d 360-449-4044 | c 360-607-5617 | www.papamurphys.com <http://www.papamurphys.com> From: bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of Darhl Thomason Sent: Tuesday, July 20, 2010 10:28 AM To: A list for BES Admin's to discuss issues, etc. Subject: Re: [Bes-admins] Prevent personal Blackberries from accessing company email HDawg, This looks to be the most promising solution. Is there another list that shows the BES IP's? I'd want to make sure that they were allowed, the ranges provided for BIS are pretty large and I wouldn't be surprised if they overlap to some degree. Thanks! Darhl Thomason | SysAdmin | Business Technology Papa Murphy's Int'l. | d 360-449-4044 | c 360-607-5617 | www.papamurphys.com <http://www.papamurphys.com> From: bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of hdawg Sent: Tuesday, July 20, 2010 10:13 AM To: A list for BES Admin's to discuss issues, etc. Subject: Re: [Bes-admins] Prevent personal Blackberries from accessing company email BIS can also use OWA. See: http://www.port3101.org/featured-blackberry-kb-articles/792-kb11036-fire wall-connection-requirements-blackberry-internet-service.html for a list of what IP's BIS connections are coming from. Block these inbound connections at the firewall and you've blocked BIS. From: bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of Jonathan Barker Sent: Tuesday, July 20, 2010 1:09 PM To: A list for BES Admin's to discuss issues, etc. Subject: Re: [Bes-admins] Prevent personal Blackberries from accessing company email BIS uses IMAP and POP3. Are you sure it's turned off? Other options include offline sync using Desktop manager or a 3rd-party EAS bridge like AstraSync. From: bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of Darhl Thomason Sent: Tuesday, July 20, 2010 9:55 AM To: 'bes-admins@dataoutages.com' Subject: [Bes-admins] Prevent personal Blackberries from accessing company email I just found out that we have people with personal Blackberries accessing their company email, they are definitely not set up on my BES, so I'm guessing they must be using BIS. How can I prevent them from accessing their company email on their personal devices? I know it's not via IMAP or POP3, we have that turned off at the Exchange level. Thanks! Darhl Thomason | SysAdmin | Business Technology Papa Murphy's Int'l. | d 360-449-4044 | c 360-607-5617 | www.papamurphys.com <http://www.papamurphys.com> ------------------------------------------------------------------------ ------------ Consumer-voted "Best Pizza Chain in America" 2003-2009 ------------------------------------------------------------------------ ------------ Consumer-voted "Best Pizza Chain in America" 2003-2009 ------------------------------------------------------------------------ ------------ Consumer-voted "Best Pizza Chain in America" 2003-2009
_______________________________________________ Bes-Admins mailing list Bes-Admins@dataoutages.com http://www.dataoutages.com/mailman/listinfo/bes-admins http://www.dataoutages.com http://www.dataoutagenews.com RSS Feed: http://feeds.feedburner.com/Bes-admins --------------------------------- Bes-Admins mailing list is sponsored by Dataoutagenews.com. http://www.dataoutagenews.com