Exchange 2010 – Firewall rule

[アーティクル]
05/23/2011

Le varie versioni di Windows, a partire da XP/2003, hanno integrato nell’installazione un servizio di firewall. Questo servizio si è andato di volta in volta evolvendo, includendo differenti opzioni che ne permettevano o meno l’attivazione e l’implementazioni di regole a seconda del profilo di rete scelto.

Ad oggi molti prodotti, durante il setup, includono tutte le regole che servono al corretto funzionamento del software che si sta installando, ma va tenuto in considerazione che per far si che le varie eccezioni siano aggiunte in automatico, il servizio deve essere lasciato attivo per tutto il processo di setup o di upgrade (RU o Service Pack). In alcuni ambienti il servizio di firewall viene tenuto spento e questo impedisce la corretta implementazione delle regole. Se la scelta è quella di tenere il servizio disattivato, il consiglio è quello di attivarlo durate i vari setup/upgrade e disattivarlo subito dopo.

Per chi volesse riattivare il firewall dopo l’installazione di Exchange 2010, queste sono le regole da verificare

Rule name	Server roles	Port	Program
MSExchangeADTopology - RPC (TCP-In)	Client Access, Hub Transport, Mailbox, Unified Messaging	Dynamic RPC	Bin\MSExchangeADTopologyService.exe
MSExchangeMonitoring - RPC (TCP-In)	Client Access, Hub Transport, Edge Transport, Unified Messaging	Dynamic RPC	Bin\Microsoft.Exchange.Management.Monitoring.exe
MSExchangeServiceHost - RPC (TCP-In)	All roles	Dynamic RPC	Bin\Microsoft.Exchange.ServiceHost.exe
MSExchangeServiceHost - RPCEPMap (TCP-In)	All roles	RPC-EPMap	Bin\Microsoft.Exchange.Service.Host
MSExchangeRPCEPMap (GFW) (TCP-In)	All roles	RPC-EPMap	Any
MSExchangeRPC (GFW) (TCP-In)	Client Access, Hub Transport, Mailbox, Unified Messaging	Dynamic RPC	Any
MSExchange - IMAP4 (GFW) (TCP-In)	Client Access	143, 993 (TCP)	All
MSExchangeIMAP4 (TCP-In)	Client Access	143, 993 (TCP)	ClientAccess\PopImap\Microsoft.Exchange.Imap4Service.exe
MSExchange - POP3 (FGW) (TCP-In)	Client Access	110, 995 (TCP)	All
MSExchange - POP3 (TCP-In)	Client Access	110, 995 (TCP)	ClientAccess\PopImap\Microsoft.Exchange.Pop3Service.exe
MSExchange - OWA (GFW) (TCP-In)	Client Access	5075, 5076, 5077 (TCP)	All
MSExchangeOWAAppPool (TCP-In)	Client Access	5075, 5076, 5077 (TCP)	Inetsrv\w3wp.exe
MSExchangeAB-RPC (TCP-In)	Client Access	Dynamic RPC	Bin\Microsoft.Exchange.AddressBook.Service.exe
MSExchangeAB-RPCEPMap (TCP-In)	Client Access	RPC-EPMap	Bin\Microsoft.Exchange.AddressBook.Service.exe
MSExchangeAB-RpcHttp (TCP-In)	Client Access	6002, 6004 (TCP)	Bin\Microsoft.Exchange.AddressBook.Service.exe
RpcHttpLBS (TCP-In)	Client Access	Dynamic RPC	System32\Svchost.exe
MSExchangeRPC - RPC (TCP-In)	Client Access, Mailbox	Dynamic RPC	Bing\Microsoft.Exchange.RpcClientAccess.Service.exe
MSExchangeRPC - PRCEPMap (TCP-In)	Client Access, Mailbox	RPC-EPMap	Bing\Microsoft.Exchange.RpcClientAccess.Service.exe
MSExchangeRPC (TCP-In)	Client Access, Mailbox	6001 (TCP)	Bing\Microsoft.Exchange.RpcClientAccess.Service.exe
MSExchangeMailboxReplication (GFW) (TCP-In)	Client Access	808 (TCP)	Any
MSExchangeMailboxReplication (TCP-In)	Client Access	808 (TCP)	Bin\MSExchangeMailboxReplication.exe
MSExchangeIS - RPC (TCP-In)	Mailbox	Dynamic RPC	Bin\Store.exe
MSExchangeIS RPCEPMap (TCP-In)	Mailbox	RPC-EPMap	Bin\Store.exe
MSExchangeIS (GFW) (TCP-In)	Mailbox	6001, 6002, 6003, 6004 (TCP)	Any
MSExchangeIS (TCP-In)	Mailbox	6001 (TCP)	Bin\Store.exe
MSExchangeMailboxAssistants - RPC (TCP-In)	Mailbox	Dynamic RPC	Bin\MSExchangeMailboxAssistants.exe
MSExchangeMailboxAssistants - RPCEPMap (TCP-In)	Mailbox	RPC-EPMap	Bin\MSExchangeMailboxAssistants.exe
MSExchangeMailSubmission - RPC (TCP-In)	Mailbox	Dynamic RPC	Bin\MSExchangeMailSubmission.exe
MSExchangeMailSubmission - RPCEPMap (TCP-In)	Mailbox	RPC-EPMap	Bin\MSExchangeMailSubmission.exe
MSExchangeMigration - RPC (TCP-In)	Mailbox	Dynamic RPC	Bin\MSExchangeMigration.exe
MSExchangeMigration - RPCEPMap (TCP-In)	Mailbox	RPC-EPMap	Bin\MSExchangeMigration.exe
MSExchangerepl - Log Copier (TCP-In)	Mailbox	64327 (TCP)	Bin\MSExchangeRepl.exe
MSExchangerepl - RPC (TCP-In)	Mailbox	Dynamic RPC	Bin\MSExchangeRepl.exe
MSExchangerepl - RPC-EPMap (TCP-In)	Mailbox	RPC-EPMap	Bin\MSExchangeRepl.exe
MSExchangeSearch - RPC (TCP-In)	Mailbox	Dynamic RPC	Bin\Microsoft.Exchange.Search.ExSearch.exe
MSExchangeThrottling - RPC (TCP-In)	Mailbox	Dynamic RPC	Bin\MSExchangeThrottling.exe
MSExchangeThrottling - RPCEPMap (TCP-In)	Mailbox	RPC-EPMap	Bin\MSExchangeThrottling.exe
MSFTED - RPC (TCP-In)	Mailbox	Dynamic RPC	Bin\MSFTED.exe
MSFTED - RPCEPMap (TCP-In)	Mailbox	RPC-EPMap	Bin\MSFTED.exe
MSExchangeEdgeSync - RPC (TCP-In)	Hub Transport	Dynamic RPC	Bin\Microsoft.Exchange.EdgeSyncSvc.exe
MSExchangeEdgeSync - RPCEPMap (TCP-In)	Hub Transport	RPC-EPMap	Bin\Microsoft.Exchange.EdgeSyncSvc.exe
MSExchangeTransportWorker - RPC (TCP-In)	Hub Transport	Dynamic RPC	Bin\edgetransport.exe
MSExchangeTransportWorker - RPCEPMap (TCP-In)	Hub Transport	RPC-EPMap	Bin\edgetransport.exe
MSExchangeTransportWorker (GFW) (TCP-In)	Hub Transport	25, 587 (TCP)	Any
MSExchangeTransportWorker (TCP-In)	Hub Transport	25, 587 (TCP)	Bin\edgetransport.exe
MSExchangeTransportLogSearch - RPC (TCP-In)	Hub Transport, Edge Transport, Mailbox	Dynamic RPC	Bin\MSExchangeTransportLogSearch.exe
MSExchangeTransportLogSearch - RPCEPMap (TCP-In)	Hub Transport, Edge Transport, Mailbox	RPC-EPMap	Bin\MSExchangeTransportLogSearch.exe
SESWorker (GFW) (TCP-In)	Unified Messaging	Any	Any
SESWorker (TCP-In)	Unified Messaging	Any	UnifiedMessaging\SESWorker.exe
UMService (GFW) (TCP-In)	Unified Messaging	5060, 5061	Any
UMService (TCP-In)	Unified Messaging	5060, 5061	Bin\UMService.exe
UMWorkerProcess (GFW) (TCP-In)	Unified Messaging	5065, 5066, 5067, 5068	Any
UMWorkerProcess (TCP-In)	Unified Messaging	5065, 5066, 5067, 5068	Bin\UMWorkerProcess.exe
UMWorkerProcess - RPC (TCP-In)	Unified Messaging	Dynamic RPC	Bin\UMWorkerProcess.exe

次の方法で共有

Exchange 2010 – Firewall rule

その他のリソース