Forum Discussion

CadenL's avatar
CadenL
Level 6
4 years ago

EV email archiving through a firewall

Hi

Can anyone help me with a little better understanding of the firewall requirements when archiving from an Exchange server that has a firewall between the Exchange and EV archiving server.

I've been referencing the following technote Destination ports required by Enterprise Vault (veritas.com)

This tells me that port 135 needs to be open through the firewall (both ways?) and "RPC discovery. (DCOM). The returned port numbers to use will be above 1024 TCP". Am I correct in thinking that port 135 is used for the initial connection and then 'other' ports are subsequently used for all further communication?

It's these 'other' ports that I need a little help with - Do these also need to be defined and 'open' through the firewall? or do I not need to worry about this and it just magically works - eg it's all managed by the firewall through some kind of application id awareness functionality?

thanks

  • Hi there CadenL, 

    I believe you could theoretically follow this kb article here to configure a DCOM / RPC port range in exchange as well which includes configuring a range for the rpc ports as well as creating specific firewall rules. However I am not completely certain if there are specific things from MS that you need to keep in mind.

    How to setup the Enterprise Vault Distributed COM (DCOM) services to function through a Windows 2003 / 2008 / 2012 Firewall  https://www.veritas.com/support/en_US/article.100000541 

     

    Regards

    Marc

    • CadenL's avatar
      CadenL
      Level 6

      Thanks - yes, I've done it a few times before with Windows firewalls but in this case the Windows firewalls are disabled so I wasn't sure if you still need to define the dynamic port range in the Windows registry or if that is something that isn't needed if the WIndows firewall is turned off.

      I wonder if you still need to define the port range in the Windows registry and then tell the firewall admin which port range you've configured so that these ports can also be allowed on the firewall.......

      This is probably more of a firewall question than an EV question so not really expecting a definitive answer but somebody may come along who has configured this scenario before.

      thanks again