Cisco Support Community
New Member

OWA open ports on DMZ

Hi, I have opened the following ports between our OWA server in the DMZ and our LAN (80, 691, 389, 3268, 88, 53, 135 and 1024 and above) as per this article. My question is: what security risk is posed by opening all ports above 1024? I know we can hack the registry on our DCs to limit this, but this isn't something I want to do unless I absolutely have to. Any advice would be greatly appreciated. Thanks, Rex.

Hall of Fame Super Blue

Re: OWA open ports on DMZ


"what security risk is posed by opening all ports above 1024"

It is never a good idea to do this if you can avoid it. When you say between the OWA server and the LAN, what do you mean by LAN - how many servers are involved on your LAN?

Think of it like this. If the OWA server is compromised then your rule allows communication to any port above 1024 on all the servers that you have included in the rule. (Hopefully you have narrowed the rule down to the servers only?) Now there is a good chance that your servers will be running services on ports above 1024 and you have just allowed access to them.

It depends on how strict your rule is in terms of destination IP addresses (and source, presumably just the OWA server?), and how secure your internal servers have been made.

Personally I would look into limiting the ports. I appreciate you may not want to do this but all ports above 1024 would worry me more. Others may have a different view.
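Added example, not part of any post in this thread: a small rule audit that compares what the OWA host can reach under the "1024 and above" rule with what it can reach when the high range is narrowed. The addresses, the service inventory and the 5000-5100 dynamic range are constructed assumptions; only the fixed port list comes from the question.

```python
# Fixed ports quoted in the question; everything else below is constructed sample data.
PAGE_PORTS = [80, 691, 389, 3268, 88, 53, 135]
OWA = "192.0.2.10"                      # assumed DMZ address of the OWA server
SERVERS = {"10.0.0.5", "10.0.0.6"}      # assumed DC and mail back-end on the LAN

def make_rule(src, dsts, ranges):
    return {"src": src, "dsts": set(dsts), "ranges": list(ranges)}

FIXED = [(p, p) for p in PAGE_PORTS]
# Rule as described in the question: fixed ports plus everything from 1024 up.
BROAD = [make_rule(OWA, SERVERS, FIXED + [(1024, 65535)])]
# Same rule with the high range narrowed to an assumed restricted dynamic range.
NARROW = [make_rule(OWA, SERVERS, FIXED + [(5000, 5100)])]

# Constructed inventory of listening services per internal server.
INVENTORY = {
    "10.0.0.5": {53: "dns", 88: "kerberos", 135: "rpc-endpoint-mapper", 389: "ldap",
                 3268: "global-catalog", 3389: "rdp", 5001: "rpc-dynamic", 5985: "winrm"},
    "10.0.0.6": {80: "http", 135: "rpc-endpoint-mapper", 691: "exchange-routing",
                 3389: "rdp", 5002: "rpc-dynamic", 8443: "mgmt-agent"},
}

def allowed(rules, src, dst, port):
    """True if any rule permits src -> dst:port."""
    return any(r["src"] == src and dst in r["dsts"]
               and any(lo <= port <= hi for lo, hi in r["ranges"])
               for r in rules)

def exposed(rules, src, inventory):
    """Sorted (dst, port, service) tuples for listening services reachable from src."""
    return sorted((dst, port, name)
                  for dst, services in inventory.items()
                  for port, name in services.items()
                  if allowed(rules, src, dst, port))

def extra_exposure(broad, narrow, src, inventory):
    """Services reachable only because of the wider rule."""
    return sorted(set(exposed(broad, src, inventory)) - set(exposed(narrow, src, inventory)))

if __name__ == "__main__":
    for dst, port, name in extra_exposure(BROAD, NARROW, OWA, INVENTORY):
        print(f"{dst}:{port} ({name}) reachable from the DMZ only via the 1024+ range")
```

Running the same comparison against a real listener inventory (for example, collected per server with `netstat`) shows which services the wide range exposes to a compromised DMZ host.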


New Member

Re: OWA open ports on DMZ

Thanks for the reply Jon. I take on board what you're saying and will look at limiting this.

New Member

Re: OWA open ports on DMZ

Put an ISA server in the DMZ, leave your OWA in the LAN... The ISA server can act as a reverse proxy for OWA. You can use ISA with just one interface.
