I lost OWA and ActiveSync from Exchange 2007.
-
Does this look right? I have no packages set up yet. Logs show lots and lots of LAN traffic getting blocked at the WAN address on ports 137 and 138. Do I need to open 137 and 138 also?
Proto Source Port Destination Port Gateway Schedule Description
Reserved/not assigned by IANA * * * * * Block bogon networks
TCP * * Exchange 25 (SMTP) * NAT Inbound SMTP
TCP * * Exchange 443 (HTTPS) * NAT Inbound 80
TCP * * Exchange 143 (IMAP) * NAT Inbound imap
TCP LAN address * Exchange 143 (IMAP) * NAT Inbound https
TCP * * WAN IP 443 (HTTPS) * Easy Rule: Passed from Firewall Log View
-
This is what I have reset up, and still no https or imap love.
LAN Side
Proto Source Port Destination Port Gateway Schedule Description
TCP LAN address * Exchange 443 (HTTPS) * NAT Inbound https
TCP LAN address * * 443 (HTTPS) * NAT Inbound https
TCP/UDP * * Exchange 443 (HTTPS) * NAT Inbound https
* LAN net * * * * Default LAN -> any
TCP Exchange * * 25 (SMTP) * Allow Outbound SMTP
TCP Exchange * * 443 (HTTPS) * Allow Outbound https
TCP * * Exchange 443 (HTTPS) * Allow Outbound https
TCP Exchange * * 143 (IMAP) * Allow Outbound imap
TCP * * * 25 (SMTP) * Block Unauthorized Outbound SMTP
UDP * * Exchange 137 (NetBIOS-NS) * Easy Rule: Passed from Firewall Log View
UDP * * Exchange 138 (NetBIOS-DGM) * Easy Rule: Passed from Firewall Log View
WAN Side
Proto Source Port Destination Port Gateway Schedule Description
* Reserved/not assigned by IANA * * * * * Block bogon networks
TCP * * Exchange 25 (SMTP) * NAT Inbound SMTP
TCP Exchange * * 25 (SMTP) * NAT Inbound SMTP
TCP * * Exchange 80 (HTTP) * NAT Inbound http
TCP * * Exchange 443 (HTTPS) * NAT Inbound 80
TCP * * Exchange 143 (IMAP) * NAT Inbound imap
TCP/UDP * * Exchange 143 (IMAP) * NAT Inbound imap
TCP LAN address * Exchange 143 (IMAP) * NAT Inbound https
TCP WAN address * Exchange 143 (IMAP) * NAT Inbound https
TCP * * Exchange 443 (HTTPS) * Easy Rule: Passed from Firewall Log View
TCP LAN address * Exchange 443 (HTTPS) * Easy Rule: Passed from Firewall Log View
TCP * * WAN IP 443 (HTTPS) * Easy Rule: Passed from Firewall Log View
TCP/UDP * * Exchange 138 (NetBIOS-DGM) * NAT
TCP/UDP * * Exchange 137 (NetBIOS-NS) * NAT
People get pissy when the internets go down for some reason. How do my rules look?
NAT
If Proto Ext. port range NAT IP Int. port range Description
WAN TCP 25 (SMTP) Exchange 25 (SMTP) Inbound SMTP
WAN TCP 25 (SMTP) Exchange 443 (HTTPS) Inbound https
WAN TCP 25 (SMTP) Exchange 143 (IMAP) Inbound https
WAN TCP 25 (SMTP) Exchange 443 (HTTPS) Inbound https
WAN TCP/UDP 138 (NetBIOS-DGM) Exchange 138 (NetBIOS-DGM)
WAN TCP/UDP 137 (NetBIOS-NS) Exchange 137 (NetBIOS-NS)
-
Can I strongly suggest you remove all the rules and start again? Begin with a blank slate - one default allow all on the LAN - and use the Wizard to create your NAT rules.
When you're finished you shouldn't end up with any extra rules on the LAN interface and the WAN and NAT rules will be much shorter.
-
What wizard?
-
All you should have to do is port forward 25, 80 and 443 to your Exchange server. That is all I am doing and it works just fine. Did you change something on Exchange?
Looking at your NAT, it does not look like you are forwarding port 80.
Yes, I would start over as well and have only this rule in the LAN tab:
- LAN net * * * * Default LAN -> any
Just go to Firewall > NAT > Port forward for your Exchange services:
WAN TCP * * WAN address 80 (HTTP) Exchange 80 (HTTP)
WAN TCP * * WAN address 443 (HTTPS) Exchange 443 (HTTPS)
WAN TCP * * WAN address 25 (SMTP) Exchange 25 (SMTP)
etc. The Port Forwarding will auto-create some rules in your WAN; leave them there.
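
A small audit of the NAT table posted earlier in the thread, added here as an illustration and not written by any of the posters. It parses rows in that layout and flags forwards whose external and internal ports differ, repeated external ports, NetBIOS forwarded from WAN, and forwards missing from the 25/80/443 list in the last reply; the function names and the 1:1 port mapping are assumptions of the example.

```python
import re

# NAT port-forward rows as posted in the thread, in the column order
# If / Proto / Ext. port range / NAT IP / Int. port range / Description.
POSTED_NAT = """\
WAN TCP 25 (SMTP) Exchange 25 (SMTP) Inbound SMTP
WAN TCP 25 (SMTP) Exchange 443 (HTTPS) Inbound https
WAN TCP 25 (SMTP) Exchange 143 (IMAP) Inbound https
WAN TCP 25 (SMTP) Exchange 443 (HTTPS) Inbound https
WAN TCP/UDP 138 (NetBIOS-DGM) Exchange 138 (NetBIOS-DGM)
WAN TCP/UDP 137 (NetBIOS-NS) Exchange 137 (NetBIOS-NS)
"""

ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d+)\s+\([^)]*\)\s+(\S+)\s+(\d+)\s+\([^)]*\)")

REQUIRED = {25, 80, 443}   # forwards the last reply lists for Exchange
LAN_ONLY = {137, 138}      # NetBIOS ports (assumption: never wanted on WAN)


def parse_nat(text):
    """Return (iface, proto, ext_port, target, int_port) for each parsable row."""
    rules = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            iface, proto, ext, target, internal = m.groups()
            rules.append((iface, proto, int(ext), target, int(internal)))
    return rules


def audit(rules):
    """Return (kind, ext_port, int_port) findings, assuming 1:1 port forwards."""
    findings, seen = [], set()
    for iface, proto, ext, target, internal in rules:
        if ext != internal:
            findings.append(("mismatch", ext, internal))
        if (iface, ext) in seen:  # same external port already forwarded
            findings.append(("duplicate", ext, internal))
        seen.add((iface, ext))
        if iface == "WAN" and ext in LAN_ONLY:
            findings.append(("netbios-on-wan", ext, internal))
    forwarded = {ext for _, _, ext, _, internal in rules if ext == internal}
    for port in sorted(REQUIRED - forwarded):
        findings.append(("missing", port, None))
    return findings


if __name__ == "__main__":
    for kind, ext, internal in audit(parse_nat(POSTED_NAT)):
        print(f"{kind:15} ext={ext} int={internal}")
```
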