Re: Quick ISA question by Tony
Tony
Thu Jan 27 23:23:02 CST 2005
Hi guys,
One of the main reasons Server Publishing may be preferred over Packet
Filtering is generation of reports, to be included in the standard ISA
reports.
As for Eddie's question about IMAPS, my question would be how you think
you've configured it because not only is it highly unusual (and therefore
limited documentation/references), it's not generally mentioned in the same
breath as OWA.
Typically people deploy IMAP on port 143.
Yes, IMAPS is port 993. You also need to configure your Exchange IMAP
virtual server with the appropriate certificate (You may be able to configure
with the same certificate you're using for OWA, but see next comment/warning).
Be aware that unless the User is using a laptop which is already a member of
the SBS Domain or you're configured with a commercial certificate,
you will run into certificate trust issues.
Lastly, I recommend using Telnet on the specific port instead of a port
scanner to determine whether a service is listening on the port.
HTH,
Tony
"SuperGumby [SBS MVP]" wrote:
> yeah, he's trying secure IMAP, IMAPS.
>
> two ways to do it
>
> packet filter OR publish
>
> By default, when enabled, Exchange IMAP server listens on 'all unassigned'
> interfaces, port 143 for IMAP and 993 for IMAPS. In Exchange Admin check
> servers/sbs/protocols/imap4/default server.
>
> Publishing is theoretically more secure. To publish change 'all unassigned'
> to your internal IP. It won't then conflict with your publishing rule.
>
> I say publishing is _theoretically_ more secure because I can't see any IMAP
> filtering in my ISA. Without protocol filtering there is little difference
> between publishing it and allowing direct access to the service (in my
> understanding anyway). SO, you could leave the service on 'all unassigned'
> and just implement a packet filter to allow access.
>
>
> "Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in message
> news:O$CU$sxAFHA.904@TK2MSFTNGP12.phx.gbl...
> > Hi Eddie,
> >
> > IMAP runs on port 143.
> >
> > --
> > Regards,
> >
> > Marina
> > Microsoft SBS-MVP
> > One of the Magical M&M's
> >
> > "Eddie Allen" <eddie.allen@united.com> wrote in message
> > news:%2335RPKxAFHA.2428@TK2MSFTNGP14.phx.gbl...
> >> Well I figured out the problem but not sure as the solution. The firewall
> >> service is listening on the 993 port and not allowing the IMAP service to
> >> bind to it and I am getting a 115 error. If I close one or the other I can
> >> get them to start successfully but turning them both on results in whichever
> >> one is started last always dies. What is the best way to stop this. I
> >> guess I could change the port to a dif port so they get along?
> >>
> >> Thanks
> >> Eddie
> >> "Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in message
> >> news:eo7F2twAFHA.3840@tk2msftngp13.phx.gbl...
> >> > Hi Eddie,
> >> >
> >> > Did you also start the IMAP service?
> >> >
> >> > --
> >> > Regards,
> >> >
> >> > Marina
> >> > Microsoft SBS-MVP
> >> > One of the Magical M&M's
> >> >
> >> > "Eddie Allen" <eddie.allen@united.com> wrote in message
> >> > news:uoizzlwAFHA.4044@TK2MSFTNGP14.phx.gbl...
> >> >> Well I checked with our ISP and their router is configured as full open so
> >> >> the problem seems to be with the ISA server here. I haven't installed a
> >> >> router in between theirs and our SBS box yet. I am using the same type of
> >> >> rule for our OWA SSL connection and it seems to work fine so I am still
> >> >> stumped on why ISA will not open the connection. I am going to look some
> >> >> more.
> >> >>
> >> >>
> >> >> Thanks for the help.
> >> >>
> >> >> Eddie
> >> >> "Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in message
> >> >> news:uOZnHbwAFHA.1260@TK2MSFTNGP12.phx.gbl...
> >> >> > Hi Eddie,
> >> >> >
> >> >> > Did you also forward port 993 to your external nic IP from the router?
> >> >> >
> >> >> > --
> >> >> > Regards,
> >> >> >
> >> >> > Marina
> >> >> > Microsoft SBS-MVP
> >> >> > One of the Magical M&M's
> >> >> >
> >> >> > "Eddie Allen" <eddie.allen@united.com> wrote in message
> >> >> > news:%23SqfGNwAFHA.824@TK2MSFTNGP11.phx.gbl...
> >> >> >> Running SBS2000 with ISA (dual NIC). I have added a server publishing rule
> >> >> >> using the predefined IMAPS. I specified my internal address and external
> >> >> >> then I restarted ISA but no matter what port scanner I used port 993 never
> >> >> >> displays as open. I am trying to get some users configured to access IMAP
> >> >> >> from a couple of PDA phones. I have never had a problem opening ports in
> >> >> >> ISA and am kinda confused as to what the deal with it is.
> >> >> >>
> >> >> >>
> >> >> >> Thanks
> >> >> >>
> >> >> >> Eddie
>
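
The two checks from Tony's reply at the top of this message (connect to the specific port instead of relying on a port scanner, and watch for certificate trust failures on 993), as an added example that is not part of the original post. The names `probe_imap` and `constructed_listener` are hypothetical, and the listener is a constructed local stand-in for a mail server so the block runs offline.

```python
import socket
import ssl
import threading

def probe_imap(host, port, use_tls, timeout=5.0):
    """Connect the way a mail client would and report how far the session got.

    Returns (status, detail); status is one of: closed, tls-failed,
    untrusted-cert, no-greeting, ok.
    """
    try:
        conn = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:                 # refused, filtered or timed out
        return ("closed", str(exc))
    try:
        if use_tls:
            # The default context verifies the chain against the system trust
            # store and checks the hostname, so an untrusted or self-signed
            # certificate shows up as its own status.
            ctx = ssl.create_default_context()
            try:
                conn = ctx.wrap_socket(conn, server_hostname=host)
            except ssl.SSLCertVerificationError as exc:
                return ("untrusted-cert", exc.verify_message)
            except (ssl.SSLError, OSError) as exc:
                return ("tls-failed", str(exc))
        try:
            banner = conn.recv(512).decode("ascii", "replace").strip()
        except OSError as exc:
            return ("no-greeting", str(exc))
        # An IMAP server normally opens with an untagged "* OK" greeting.
        return ("ok" if banner.startswith("* OK") else "no-greeting", banner)
    finally:
        conn.close()

def constructed_listener(greeting):
    """One-shot local listener (constructed for this example); returns its port."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        peer, _ = srv.accept()
        with peer, srv:
            peer.sendall(greeting)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    greeting = b"* OK constructed IMAP4rev1 greeting\r\n"
    port = constructed_listener(greeting)
    print("plain IMAP:", probe_imap("127.0.0.1", port, use_tls=False))
    port = constructed_listener(greeting)
    print("TLS against a plain listener:", probe_imap("127.0.0.1", port, use_tls=True))
```

Against a real server, pass the name the certificate was issued for as `host`, since the hostname check compares the two.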