I lost OWA and ActiveSync from Exchange 2007.



  • Does this look right? I have no packages set up yet. Logs show lots and lots of LAN traffic getting blocked at the WAN address on ports 137 and 138. Do I need to open 137 and 138 also?

    Proto  Source                         Port  Destination  Port         Gateway  Schedule  Description
           Reserved/not assigned by IANA  *     *            *            *        *         Block bogon networks
    TCP    *                              *     Exchange     25 (SMTP)    *                  NAT Inbound SMTP
    TCP    *                              *     Exchange     443 (HTTPS)  *                  NAT Inbound 80
    TCP    *                              *     Exchange     143 (IMAP)   *                  NAT Inbound imap
    TCP    LAN address                    *     Exchange     143 (IMAP)   *                  NAT Inbound https
    TCP    *                              *     WAN IP       443 (HTTPS)  *                  Easy Rule: Passed from Firewall Log View



  • This is what I have reset up, and still no https or imap love.
    LAN Side

    Proto    Source       Port  Destination  Port               Gateway  Schedule  Description
    TCP      LAN address  *     Exchange     443 (HTTPS)        *                  NAT Inbound https
    TCP      LAN address  *     *            443 (HTTPS)        *                  NAT Inbound https
    TCP/UDP  *            *     Exchange     443 (HTTPS)        *                  NAT Inbound https
    *        LAN net      *     *            *                  *                  Default LAN -> any
    TCP      Exchange     *     *            25 (SMTP)          *                  Allow Outbound SMTP
    TCP      Exchange     *     *            443 (HTTPS)        *                  Allow Outbound https
    TCP      *            *     Exchange     443 (HTTPS)        *                  Allow Outbound https
    TCP      Exchange     *     *            143 (IMAP)         *                  Allow Outbound imap
    TCP      *            *     *            25 (SMTP)          *                  Block Unauthorized Outbound SMTP
    UDP      *            *     Exchange     137 (NetBIOS-NS)   *                  Easy Rule: Passed from Firewall Log View
    UDP      *            *     Exchange     138 (NetBIOS-DGM)  *                  Easy Rule: Passed from Firewall Log View

    WAN Side

    Proto    Source                         Port  Destination  Port               Gateway  Schedule  Description
    *        Reserved/not assigned by IANA  *     *            *                  *        *         Block bogon networks
    TCP      *                              *     Exchange     25 (SMTP)          *                  NAT Inbound SMTP
    TCP      Exchange                       *     *            25 (SMTP)          *                  NAT Inbound SMTP
    TCP      *                              *     Exchange     80 (HTTP)          *                  NAT Inbound http
    TCP      *                              *     Exchange     443 (HTTPS)        *                  NAT Inbound 80
    TCP      *                              *     Exchange     143 (IMAP)         *                  NAT Inbound imap
    TCP/UDP  *                              *     Exchange     143 (IMAP)         *                  NAT Inbound imap
    TCP      LAN address                    *     Exchange     143 (IMAP)         *                  NAT Inbound https
    TCP      WAN address                    *     Exchange     143 (IMAP)         *                  NAT Inbound https
    TCP      *                              *     Exchange     443 (HTTPS)        *                  Easy Rule: Passed from Firewall Log View
    TCP      LAN address                    *     Exchange     443 (HTTPS)        *                  Easy Rule: Passed from Firewall Log View
    TCP      *                              *     WAN IP       443 (HTTPS)        *                  Easy Rule: Passed from Firewall Log View
    TCP/UDP  *                              *     Exchange     138 (NetBIOS-DGM)  *                  NAT
    TCP/UDP  *                              *     Exchange     137 (NetBIOS-NS)   *                  NAT

    People get pissy when the internets go down for some reason. How do my rules look?

    NAT

    If   Proto    Ext. port range    NAT IP    Int. port range    Description
    WAN  TCP      25 (SMTP)          Exchange  25 (SMTP)          Inbound SMTP
    WAN  TCP      25 (SMTP)          Exchange  443 (HTTPS)        Inbound https
    WAN  TCP      25 (SMTP)          Exchange  143 (IMAP)         Inbound https
    WAN  TCP      25 (SMTP)          Exchange  443 (HTTPS)        Inbound https
    WAN  TCP/UDP  138 (NetBIOS-DGM)  Exchange  138 (NetBIOS-DGM)
    WAN  TCP/UDP  137 (NetBIOS-NS)   Exchange  137 (NetBIOS-NS)


  • Can I strongly suggest you remove all the rules and start again? Begin with a blank slate - one default allow all on the LAN and use the Wizard to create your NAT rules.

    When you're finished you shouldn't end up with any extra rules on the LAN interface and the WAN and NAT rules will be much shorter.



  • What wizard?



  • All you should have to do is port forward 25, 80 and 443 to your Exchange server. That is all I am doing and it works just fine. Did you change something on Exchange?

    Looking at your NAT, it does not look like you are forwarding port 80.

    Yes, I would start over as well and have only this rule in the LAN Tab

    • LAN net * * * *   Default LAN -> any

    Just go to Firewall > NAT > Port forward for your Exchange services
    WAN TCP * * WAN address 80 (HTTP) Exchange 80 (HTTP)
    WAN TCP * * WAN address 443 (HTTPS) Exchange 443 (HTTPS)
    WAN TCP * * WAN address 25 (SMTP) Exchange 25 (SMTP)
    etc. The port forwarding will auto-create some rules in your WAN; leave them there.
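
An added example, not part of any post in this thread: a small audit of the NAT table posted above against the advice in the last reply (forward 25, 80 and 443, each to the same port on Exchange). The rows are a constructed transcription of that table; `audit`, `POSTED_NAT` and the finding names are hypothetical, and treating an external/internal port mismatch as suspect assumes Exchange listens on its standard ports.

```python
# Audit a port-forward table like the one posted in this thread.
# Rows are a constructed transcription of the posted NAT table:
# (interface, proto, ext_port, nat_ip, int_port, description)
from collections import Counter

POSTED_NAT = [
    ("WAN", "TCP", 25, "Exchange", 25, "Inbound SMTP"),
    ("WAN", "TCP", 25, "Exchange", 443, "Inbound https"),
    ("WAN", "TCP", 25, "Exchange", 143, "Inbound https"),
    ("WAN", "TCP", 25, "Exchange", 443, "Inbound https"),
    ("WAN", "TCP/UDP", 138, "Exchange", 138, ""),
    ("WAN", "TCP/UDP", 137, "Exchange", 137, ""),
]
REQUIRED = {25, 80, 443}   # ports the last reply says to forward
NETBIOS = {137, 138}       # NetBIOS name/datagram services, not needed from the WAN

def audit(rules, required=REQUIRED):
    """Return a list of (kind, detail) findings for a port-forward table."""
    findings = []
    ext_counts = Counter(rule[2] for rule in rules)
    # The same external port forwarded more than once means conflicting entries.
    for ext, count in sorted(ext_counts.items()):
        if count > 1:
            findings.append(("duplicate-ext-port",
                             f"external port {ext} appears in {count} forwards"))
    for _iface, _proto, ext, _ip, internal, desc in rules:
        # Assumption: services run on standard ports, so ext should equal int.
        if ext != internal:
            findings.append(("port-mismatch",
                             f"ext {ext} -> int {internal} ({desc or 'no description'})"))
        if ext in NETBIOS:
            findings.append(("netbios-on-wan", f"port {ext} forwarded from WAN"))
    # Services that are expected to be reachable but have no forward at all.
    for port in sorted(required - set(ext_counts)):
        findings.append(("missing-forward", f"no forward for external port {port}"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit(POSTED_NAT):
        print(f"{kind:20} {detail}")
```

Run against the posted table, it reports that external port 25 is reused for the HTTPS and IMAP entries, that nothing forwards 80 or 443, and that 137/138 are exposed on the WAN.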

