Disable HTTP, use only HTTPS. This means you have to open port no 443 only. However please note to be able to setup a profile, the user must be on the LOCAL LAN (because this requires RPC access). Once the profile is setup, the user can access his mailbox from anywhere he likes (There are some workarounds for this limitation also).
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...