I need to open ports 25, 993, 995, 443 and 465 to set up MS-Exchange. I don't have an in-house IT guy and this seems pretty straightforward in theory, but I can't figure it out and need help.
You are most welcome
Thank you for the rating.
It's never wrong to want to learn more things, it's all good!
Sometimes it's hard to know what questions to ask so that the results come out the best way.
What is it that you are trying to do?
If you are trying to have the users connect from home or another place?
Maybe a VPN client would be a safer choice?
Or maybe the Exchange webmail?
Just a thought.
Actually it all depends.
You have not given enough information in your post for us to help you.
BUT I will try to show you how to do it.
If you only want the answer, go to -----------------------
but there might be a thing or two to make you think about stuff if you read this too.
OK, here is what I think. It's harsh and non-sugarcoated, but honest and with the best of intentions.
First of all, people like yourself (now I am generalising, so do not take it personally) have no idea what they are doing and why.
That means that they open up too much or the wrong things and get hacked/botnet/virus and so on. And all for what?
To save a buck, just to lose it and then some on cleanup costs after being hacked instead?
It's all good and well to want to try things yourself, but the real issue is to learn why things need to be done in certain ways.
Things are very easy to do today when it comes to the actual doing: there is a lot of info on the Internet, you can go to websites such as this and get the answer on how to do it, and the web interfaces are quite capable. But the question is actually not how, that's easy, but why, and how it impacts the big picture of the security at the site.
These are the reasons why you should have professionals doing the work, or at least a discussion with them.
You need to do two things, but since I do not know your setup I will have to generalize a bit.
For example, I do not know what version of software you have, so I will give you the answer for an 8.2 version.
I do not know your setup or IP addresses (nor do I want to; this is an open channel that anyone can read).
First you need a static,
then an access list to let the traffic through,
then an access-group to add the access-list to the correct interface and direction of the traffic.
It looks something like this, but you will have to change it so that it works in your environment.
static (inside,outside) tcp interface 25 192.168.1.100 25 netmask 255.255.255.255
access-list outside_access_in extended permit tcp any interface outside eq 25
access-group outside_access_in in interface outside
Broken-down explanation:
static is the command
(inside,outside) the interfaces
tcp = protocol to use (could be e.g. udp, icmp or ip and so on)
interface = the interface IP address; this is a little special, you can replace this with an IP address (not the interface IP address)
25 = the receiving port
192.168.1.100 = the destination, i.e. in your case the Exchange server
25 = the destination port on the exchange server
netmask 255.255.255.255 = this is for one address only.
access-list outside_access_in extended permit tcp any interface outside eq 25
Broken-down explanation: