Exchange 5.5 SP4, NT 2000. We are finally going to be moving our Exchange deployment into a safe zone. The servers will be put into their own secure segment that will have a firewall for internal and external users. We are requiring users to use a VPN client if they are coming in from an ISP, but we also want to try and safeguard the systems internally from the students as well, such as the dorms.
Anyhow, we're looking at locking down all the ports on the Exchange Servers as well and only opening ports that are required. I know I'll have to assign static ports for the MSExchangeDS, IS and SA TCP/IP as defined in Q148732. It recommends using ports above 5000, so I was going to use 5001, 5002 and 5003, and I presume that a reboot will be required. The one item which cannot be locked down is the push notification messages and UDP ports 1024-65535. I talked to our firewall expert and asked if those ports can be blocked from coming in but not for going out. Does this make sense, or is there another way of securing those ports a little better? Anyone have any other advice prior to us cutting over? Any gotchas I need to be aware of?

