What inbound ports do I need to open on my firewall for SBS 2. Standard? Small Business Server 2. Standard (SBS 2. 01. Standard) needs to have a few ports open on your firewall router to allow specific traffic to flow into your SBS 2. You can use the u. Pn. P protocol to automatically configure your firewall if you permit it. To do so ensure that u. Pn. P is enabled on your firewall and run the Internet Address Management Wizard – it will do the rest. If however you, like me are more security conscious, you will want to manually make any changes to your firewall settings and you will want to disable u. Pn. P. I do this routinely as I’ve had scenarios where a user on the network has loaded a third party application and that application has then redirected critical ports such as port 4. · I have an SBS 2011 Site where I was getting the Warning Leaf certificate expiring Site is running the standard SBS Self signed certificate I ran the Fix. Symantec helps consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more. SBS 2. 01. 1 server. So if you are going to control things manually you will need to have the following ports open. Note that you do NOT have to have them ALL open – but you need to open them IF you wish to use that functionality. Certain ports such as port 2. Port 2. 5 – is required for all SMTP inbound mail. If you have no external email filtering or antispam software then you will need to leave this open for all external IPs. If however you are using something like Exchange. Defender or Trend IMHS then you will need to lock down the external IPs that this port can talk to. If this port is NOT open then you will not be able to receive external email. Port 8. NOT need to be open at all in reality. It’s there to provide an easy redirect for our users when they go to access the Remote Web Access feature of SBS 2. Having this port open allows the user to type in remote. SBS2011 server hanging on boot as exchange services will not start. This was an issue with IPV6 being disabled. Here is the solution. The server will immediately redirect the user to https: //remote. You can safely close this port to reduce your attack profile but you will need to train your users to type in the full URL of https: //remote. Port 4. 43 – this is a mandatory one. This is the secret behind SBS 2. Remote Web Access (RWA), Outlook Web Access, Activesync for your mobile devices and Outlook Anywhere. If this is not open then none of these functions will work outside your office. Port 9. 87 – this port is used for SSL encrypted access to the Company. Web. It uses the same SSL certificate as the one you installed with the Certificate Wizard and will provide external access to Companyweb. If this port is not open then you will not have external access tom Companyweb at all. Port 1. 72. 3 – is an optional port. You will need this open if you wish to use VPN to access the network remotely. Port 3. 38. 9 – DOES NOT NEED TO BE OPEN at all. May people believe they need this open to access the server from remote locations – that is incorrect. Having this port open to the Internet without restriction is a security issue as it then gives remote people direct console access to attempt to penetrate your server. If you must have it open for remote support purposes then install a two factor authentication agent like Auth. Anvil or lock the port down so it’s accessible from your remote IP only. So in a nutshell, you only really need port 2. Internet on your firewall to allow MOST of the functionality of SBS 2. Remote Web Access.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
November 2017
Categories |