Hi,

I had similar problems with a new Exchange Server (v2003) on a DMZ. http://support.microsoft.com/?kbid=270836 is the good KB from Microsoft to put static ports on Exchange 2003 (v2000 also). Just check the English one, because translations (at least the French one) are much shorter than the original English one.

I do not know which version of Checkpoint you have, but with NG with AI, the firewall can track some of the RPC traffic (with objects in the DCE-RPC branch).

Access from Outlook to Exchange only needs (for me, it was from LAN to server in DMZ):

microsoft-ds (445 TCP), and
Group MSExchange that contains:
    MSExchangeDirRef (DCE-RPC)
    MSExchangeDS (DCE-RPC)
    MSExchangeIS (DCE-RPC)

The only problem I have not solved was the notification from the Exchange server to the Outlook clients, which appear on dynamically generated ports. I tried to modify the file EXCHANGE.DEF on the Management server, but it didn't work.

Hope it will help you.

Fabrice

Date: Tue, 15 Nov 2005 19:19:51 -0500
From: Ray <[EMAIL PROTECTED]>
Subject: Re: Checkpoint SecuRemote and Microsoft Exchange Clients

Check SmartView Tracker for drops on rules higher than 900. Prior to R55 HFA09 there were a lot of issues with RPC. I haven't had any problems with SecureClient & Exchange since we went to HFA09.

Ray

>From: Neil Kemp <[EMAIL PROTECTED]>
>Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
>To: [email protected]
>Subject: Re: [FW-1] Checkpoint SecuRemote and Microsoft Exchange Clients
>Date: Tue, 15 Nov 2005 21:56:27 +0000
>
>Which is fine, but don't know if that is the actual issue as between the
>firewall and the SecuRemote client - the traffic is unrestricted.
>
>Any ideas ?
>
>On 15/11/05, Aaron Brasslett <[EMAIL PROTECTED]> wrote:
> >
> > The problem is that Exchange uses numerous dynamic ports. You'll need to
> > lock Exchange down to specific ports.
> >
> > http://support.microsoft.com/?kbid=270836
> >
> > -----Original Message-----
> > From: Neil Kemp [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, November 15, 2005 10:30 AM
> > To: [email protected]
> > Subject: [FW-1] Checkpoint SecuRemote and Microsoft Exchange Clients
> >
> >
> > Afternoon guys.
> >
> > I have been trying to troubleshoot some remote users who are experiencing
> > intermittent connectivity when they work remotely across a SecuRemote VPN
> > to an internal Microsoft Exchange Server.
> >
> > From what I have seen there are numerous articles about the ports that are
> > in use etc, but nothing defined as to how to get it working - does anyone
> > have this sort of information ?
> >
> > Thanks in advance.
