Exchange 2000 on PIX firewall DMZ - what - TechRepublic
May 7, 2001 at 09:42 AM
iscmro1

by iscmro1 . Updated 24 years, 12 months ago

I’m having a lot of fun configuring Exchange 2000 and a PIX firewall. There seems to be no end to the ports it wants open. I’m trying to put the Exchange server on the DMZ port of the PIX, and have already opened the following ports:
53 both tcp and udp
88 both
135 tcp
139 tcp
137 udp
138 udp
123 tcp
389 both
445 tcp
1025 both
3268 tcp

The Ex2k server was set up on the inside network. Now that I’ve relocated Ex2k to the DMZ, it can’t connect to the directory without me opening all ports from DMZ to inside. I’ve run a syslog from the PIX, and for every additional port I open an additional block occurs – usually a udp in the above 1024 range. I followed KB article Q280132 (the suggested ports are included above, as was the registry entry for NTDS to set it to 1025). Inbound directory queries fail. Looks like there would be a registry key to set on the inbound Ex2k server.

Any suggestions are appreciated.
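The syslog-driven troubleshooting described in the post above, as an added example that is not part of the original post: it tallies every DMZ-to-inside deny in one pass, so the full set of blocked destination ports is visible at once instead of one port per test. It assumes the denies are logged as PIX message 106023; the sample lines, addresses, ports, ACL name and function names are constructed for illustration.

```python
import re
from collections import Counter

# Assumed line shape: PIX syslog message 106023 (packet denied by an ACL).
DENY_RE = re.compile(
    r"%PIX-\d-106023: Deny (?P<proto>tcp|udp) "
    r"src (?P<src_if>\w+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) "
    r"dst (?P<dst_if>\w+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+)"
)

# Constructed sample lines; every address, port and ACL name is made up.
SAMPLE_LOG = """\
May 07 2001 09:12:01: %PIX-4-106023: Deny udp src dmz:192.168.2.10/1047 dst inside:10.1.1.5/1031 by access-group "acl_dmz"
May 07 2001 09:12:03: %PIX-4-106023: Deny udp src dmz:192.168.2.10/1048 dst inside:10.1.1.5/1034 by access-group "acl_dmz"
May 07 2001 09:12:04: %PIX-4-106023: Deny tcp src dmz:192.168.2.10/1102 dst inside:10.1.1.5/1026 by access-group "acl_dmz"
May 07 2001 09:12:09: %PIX-4-106023: Deny tcp src dmz:192.168.2.10/1103 dst inside:10.1.1.5/1026 by access-group "acl_dmz"
May 07 2001 09:12:11: %PIX-4-106023: Deny tcp src dmz:192.168.2.10/1104 dst inside:10.1.1.5/464 by access-group "acl_dmz"
May 07 2001 09:12:15: %PIX-4-106023: Deny tcp src outside:203.0.113.9/4021 dst dmz:192.168.2.10/25 by access-group "acl_out"
"""


def summarize_denies(log_text, src_if="dmz", dst_if="inside"):
    """Count denied flows per (protocol, destination IP, destination port)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        # Keep only the interface pair under investigation.
        if m and m["src_if"] == src_if and m["dst_if"] == dst_if:
            counts[(m["proto"], m["dst_ip"], int(m["dst_port"]))] += 1
    return counts


def split_fixed_and_dynamic(counts, boundary=1024):
    """Separate destination ports at or below the boundary from high ports."""
    fixed = sorted({(p, port) for (p, _, port) in counts if port <= boundary})
    dynamic = sorted({(p, port) for (p, _, port) in counts if port > boundary})
    return fixed, dynamic


if __name__ == "__main__":
    denies = summarize_denies(SAMPLE_LOG)
    fixed_ports, dynamic_ports = split_fixed_and_dynamic(denies)
    for (proto, ip, port), hits in sorted(denies.items()):
        print(f"{hits:3d}  {proto}  {ip}:{port}")
    print("fixed ports:", fixed_ports)
    print("high ports (>1024):", dynamic_ports)
```

A high-port list that changes between runs shows that the service is not using a fixed port, so permitting the ports seen so far will not stop the denies.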
