Yes. No. Maybe.
-----Original Message----- From: Pfefferkorn, Pete (PFEFFEPE) [mailto:PFEFFEPE@;UCMAIL.UC.EDU] Sent: Wednesday, October 30, 2002 2:14 PM To: Exchange Discussions Subject: Locking of Exchange ports question. Exchange 5.5 SP4, NT 2000. We are finally going to be moving our Exchange deployment into a safe zone. The servers will be put into it's own secure segment that will have a firewall for internal and external users. We are requiring users to use a VPN client if they are coming in from an ISP, but we also want to try and safeguard the systems internally from the students as well, such as the dorms. Anyhow, we're looking at locking down all the ports on the Exchange Servers as well and only open ports that are required. I know I'll have to assign static ports for the MSEXCHANEDS, IS and SA TCPIP as defined Q148732. It recommends using ports above 5000, so I was going to use 5001, 5002 and 5003 and I presume that a reboot will be required. The one item which cannot be locked down is the push notification messages and UDP ports 1024-65535. I talked to our firewall expert and asked if those ports can be blocked from coming in but not for going out. Does this make sense or is there another way of securing those ports a little better. Anyone have any other advice prior to us cutting over. Any gotchas I need to be aware of? _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:leave-exchange@;ls.swynk.com Exchange List admin: [EMAIL PROTECTED] ------------------------------------------------------------------------------ The information contained in this email message is privileged and confidential information intended only for the use of the individual or entity to whom it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copy of this message is strictly prohibited. If you have received this email in error, please immediately notify Veronis Suhler Stevenson by telephone (212)935-4990, fax (212)381-8168, or email ([EMAIL PROTECTED]) and delete the message. Thank you. ============================================================================== _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:leave-exchange@;ls.swynk.com Exchange List admin: [EMAIL PROTECTED]
