Exchange 2010 – Firewall rule

The various versions of Windows, starting with XP/2003, have shipped a firewall service as part of the installation. This service has evolved from release to release, adding options that control whether it is enabled and which rules are applied depending on the selected network profile.

Today many products add, during setup, all the rules the software being installed needs in order to work correctly. Keep in mind, though, that for these exceptions to be added automatically the firewall service must be left running for the entire setup or upgrade process (Rollup Update or Service Pack). In some environments the firewall service is kept stopped, which prevents the rules from being created correctly. If the decision is to keep the service disabled, the advice is to enable it for the duration of each setup/upgrade and disable it again right afterwards.

For those who want to re-enable the firewall after installing Exchange 2010, these are the rules to verify:

| Rule name | Server roles | Port | Program |
|---|---|---|---|
| MSExchangeADTopology - RPC (TCP-In) | Client Access, Hub Transport, Mailbox, Unified Messaging | Dynamic RPC | Bin\MSExchangeADTopologyService.exe |
| MSExchangeMonitoring - RPC (TCP-In) | Client Access, Hub Transport, Edge Transport, Unified Messaging | Dynamic RPC | Bin\Microsoft.Exchange.Management.Monitoring.exe |
| MSExchangeServiceHost - RPC (TCP-In) | All roles | Dynamic RPC | Bin\Microsoft.Exchange.ServiceHost.exe |
| MSExchangeServiceHost - RPCEPMap (TCP-In) | All roles | RPC-EPMap | Bin\Microsoft.Exchange.ServiceHost.exe |
| MSExchangeRPCEPMap (GFW) (TCP-In) | All roles | RPC-EPMap | Any |
| MSExchangeRPC (GFW) (TCP-In) | Client Access, Hub Transport, Mailbox, Unified Messaging | Dynamic RPC | Any |
| MSExchange - IMAP4 (GFW) (TCP-In) | Client Access | 143, 993 (TCP) | All |
| MSExchangeIMAP4 (TCP-In) | Client Access | 143, 993 (TCP) | ClientAccess\PopImap\Microsoft.Exchange.Imap4Service.exe |
| MSExchange - POP3 (GFW) (TCP-In) | Client Access | 110, 995 (TCP) | All |
| MSExchange - POP3 (TCP-In) | Client Access | 110, 995 (TCP) | ClientAccess\PopImap\Microsoft.Exchange.Pop3Service.exe |
| MSExchange - OWA (GFW) (TCP-In) | Client Access | 5075, 5076, 5077 (TCP) | All |
| MSExchangeOWAAppPool (TCP-In) | Client Access | 5075, 5076, 5077 (TCP) | Inetsrv\w3wp.exe |
| MSExchangeAB-RPC (TCP-In) | Client Access | Dynamic RPC | Bin\Microsoft.Exchange.AddressBook.Service.exe |
| MSExchangeAB-RPCEPMap (TCP-In) | Client Access | RPC-EPMap | Bin\Microsoft.Exchange.AddressBook.Service.exe |
| MSExchangeAB-RpcHttp (TCP-In) | Client Access | 6002, 6004 (TCP) | Bin\Microsoft.Exchange.AddressBook.Service.exe |
| RpcHttpLBS (TCP-In) | Client Access | Dynamic RPC | System32\Svchost.exe |
| MSExchangeRPC - RPC (TCP-In) | Client Access, Mailbox | Dynamic RPC | Bin\Microsoft.Exchange.RpcClientAccess.Service.exe |
| MSExchangeRPC - RPCEPMap (TCP-In) | Client Access, Mailbox | RPC-EPMap | Bin\Microsoft.Exchange.RpcClientAccess.Service.exe |
| MSExchangeRPC (TCP-In) | Client Access, Mailbox | 6001 (TCP) | Bin\Microsoft.Exchange.RpcClientAccess.Service.exe |
| MSExchangeMailboxReplication (GFW) (TCP-In) | Client Access | 808 (TCP) | Any |
| MSExchangeMailboxReplication (TCP-In) | Client Access | 808 (TCP) | Bin\MSExchangeMailboxReplication.exe |
| MSExchangeIS - RPC (TCP-In) | Mailbox | Dynamic RPC | Bin\Store.exe |
| MSExchangeIS RPCEPMap (TCP-In) | Mailbox | RPC-EPMap | Bin\Store.exe |
| MSExchangeIS (GFW) (TCP-In) | Mailbox | 6001, 6002, 6003, 6004 (TCP) | Any |
| MSExchangeIS (TCP-In) | Mailbox | 6001 (TCP) | Bin\Store.exe |
| MSExchangeMailboxAssistants - RPC (TCP-In) | Mailbox | Dynamic RPC | Bin\MSExchangeMailboxAssistants.exe |
| MSExchangeMailboxAssistants - RPCEPMap (TCP-In) | Mailbox | RPC-EPMap | Bin\MSExchangeMailboxAssistants.exe |
| MSExchangeMailSubmission - RPC (TCP-In) | Mailbox | Dynamic RPC | Bin\MSExchangeMailSubmission.exe |
| MSExchangeMailSubmission - RPCEPMap (TCP-In) | Mailbox | RPC-EPMap | Bin\MSExchangeMailSubmission.exe |
| MSExchangeMigration - RPC (TCP-In) | Mailbox | Dynamic RPC | Bin\MSExchangeMigration.exe |
| MSExchangeMigration - RPCEPMap (TCP-In) | Mailbox | RPC-EPMap | Bin\MSExchangeMigration.exe |
| MSExchangerepl - Log Copier (TCP-In) | Mailbox | 64327 (TCP) | Bin\MSExchangeRepl.exe |
| MSExchangerepl - RPC (TCP-In) | Mailbox | Dynamic RPC | Bin\MSExchangeRepl.exe |
| MSExchangerepl - RPC-EPMap (TCP-In) | Mailbox | RPC-EPMap | Bin\MSExchangeRepl.exe |
| MSExchangeSearch - RPC (TCP-In) | Mailbox | Dynamic RPC | Bin\Microsoft.Exchange.Search.ExSearch.exe |
| MSExchangeThrottling - RPC (TCP-In) | Mailbox | Dynamic RPC | Bin\MSExchangeThrottling.exe |
| MSExchangeThrottling - RPCEPMap (TCP-In) | Mailbox | RPC-EPMap | Bin\MSExchangeThrottling.exe |
| MSFTED - RPC (TCP-In) | Mailbox | Dynamic RPC | Bin\MSFTED.exe |
| MSFTED - RPCEPMap (TCP-In) | Mailbox | RPC-EPMap | Bin\MSFTED.exe |
| MSExchangeEdgeSync - RPC (TCP-In) | Hub Transport | Dynamic RPC | Bin\Microsoft.Exchange.EdgeSyncSvc.exe |
| MSExchangeEdgeSync - RPCEPMap (TCP-In) | Hub Transport | RPC-EPMap | Bin\Microsoft.Exchange.EdgeSyncSvc.exe |
| MSExchangeTransportWorker - RPC (TCP-In) | Hub Transport | Dynamic RPC | Bin\edgetransport.exe |
| MSExchangeTransportWorker - RPCEPMap (TCP-In) | Hub Transport | RPC-EPMap | Bin\edgetransport.exe |
| MSExchangeTransportWorker (GFW) (TCP-In) | Hub Transport | 25, 587 (TCP) | Any |
| MSExchangeTransportWorker (TCP-In) | Hub Transport | 25, 587 (TCP) | Bin\edgetransport.exe |
| MSExchangeTransportLogSearch - RPC (TCP-In) | Hub Transport, Edge Transport, Mailbox | Dynamic RPC | Bin\MSExchangeTransportLogSearch.exe |
| MSExchangeTransportLogSearch - RPCEPMap (TCP-In) | Hub Transport, Edge Transport, Mailbox | RPC-EPMap | Bin\MSExchangeTransportLogSearch.exe |
| SESWorker (GFW) (TCP-In) | Unified Messaging | Any | Any |
| SESWorker (TCP-In) | Unified Messaging | Any | UnifiedMessaging\SESWorker.exe |
| UMService (GFW) (TCP-In) | Unified Messaging | 5060, 5061 | Any |
| UMService (TCP-In) | Unified Messaging | 5060, 5061 | Bin\UMService.exe |
| UMWorkerProcess (GFW) (TCP-In) | Unified Messaging | 5065, 5066, 5067, 5068 | Any |
| UMWorkerProcess (TCP-In) | Unified Messaging | 5065, 5066, 5067, 5068 | Bin\UMWorkerProcess.exe |
| UMWorkerProcess - RPC (TCP-In) | Unified Messaging | Dynamic RPC | Bin\UMWorkerProcess.exe |
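As an added check, not part of the original post, the following PowerShell script verifies that a chosen subset of the rules above exists, is enabled and is an allow rule, and that rules tied to an executable (as opposed to the port-scoped rows whose Program column reads "Any"/"All") are actually bound to that executable. It uses the Windows Firewall COM API (HNetCfg.FwPolicy2), which is available on Windows Server 2008/2008 R2; the $ExpectedRules list is an assumed sample to be extended with the rows for the roles installed on the server.

```powershell
# Added example (not from the original post): verify Exchange 2010 inbound firewall rules
# against the table above. $ExpectedRules is an assumed subset; add the rows you need.
$ExpectedRules = @(
    @{ Name = 'MSExchangeServiceHost - RPC (TCP-In)'; Roles = 'All roles';     Program = 'Microsoft.Exchange.ServiceHost.exe' },
    @{ Name = 'MSExchangeRPCEPMap (GFW) (TCP-In)';    Roles = 'All roles';     Program = '' },
    @{ Name = 'MSExchangeIMAP4 (TCP-In)';             Roles = 'Client Access'; Program = 'Microsoft.Exchange.Imap4Service.exe' },
    @{ Name = 'MSExchangeTransportWorker (TCP-In)';   Roles = 'Hub Transport'; Program = 'edgetransport.exe' },
    @{ Name = 'MSExchangeIS (TCP-In)';                Roles = 'Mailbox';       Program = 'Store.exe' }
)

# Rules are only enforced (and setup only adds them) while the firewall service is running.
$svc = Get-Service -Name MpsSvc
if ($svc.Status -ne 'Running') {
    Write-Warning "Windows Firewall service (MpsSvc) is $($svc.Status); the rules below are not enforced."
}

$policy = New-Object -ComObject HNetCfg.FwPolicy2
# Index inbound rules by name (INetFwRule: Direction 1 = inbound, Action 1 = allow).
$inbound = @{}
foreach ($rule in $policy.Rules) {
    if ($rule.Direction -eq 1) { $inbound[$rule.Name] = $rule }
}

$report = foreach ($expected in $ExpectedRules) {
    $rule = $inbound[$expected.Name]
    $program = ''
    $ports = ''
    if ($rule) {
        $program = $rule.ApplicationName   # full path or %ExchangeInstallPath%-style path
        $ports = $rule.LocalPorts          # e.g. "RPC", "RPC-EPMap" or "143,993"
    }
    # An empty Program in $ExpectedRules means a port-scoped rule (Program "Any"/"All"),
    # so the executable binding is only checked for the program-scoped rows.
    if (-not $rule) { $state = 'MISSING' }
    elseif (-not $rule.Enabled) { $state = 'DISABLED' }
    elseif ($rule.Action -ne 1) { $state = 'NOT-ALLOW' }
    elseif ($expected.Program -and ($program -notlike "*\$($expected.Program)")) { $state = 'WRONG-PROGRAM' }
    else { $state = 'OK' }
    New-Object PSObject -Property @{
        Rule = $expected.Name; Roles = $expected.Roles; State = $state; Ports = $ports; Program = $program
    }
}
$report | Format-Table Rule, Roles, State, Ports, Program -AutoSize
```

Run it in an elevated PowerShell on the Exchange server after re-enabling the firewall; any row not reporting OK is a rule to recreate or fix before trusting the firewall with that role's traffic.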