This article describes the Transmission Control Protocol/Internet Protocol (TCP/IP) ports that are used by Mobile Information Server. This article also describes scenarios where you may need to open these ports on a firewall to allow access for mobile users.
When you run Mobile Information Server in a perimeter network (also known as DMZ, demilitarized zone, and screened subnet), open the following ports on the router between the perimeter network and the internal network:
• 80 - Hypertext Transfer Protocol (HTTP)
• 53 - Domain name system (DNS)
• 88 - Kerberos (if you are using NTLM)
• 135 - Remote procedure call (RPC)
• 137 - NetBIOS Name Service
• 138 - NetBIOS Datagram Service
• 139 - NetBIOS Session
• 389 - Lightweight Directory Access Protocol (LDAP) (TCP/User Datagram Protocol [UDP])
• 1026 - RPC
• 3268 - Global Catalog with LDAP
However, if you are using IPSec to secure traffic between Mobile Information Server and the internal network, allow only the following through the firewall for inbound and outbound traffic:
• IP Protocol 50 - Encapsulating Security Protocol (ESP)
• IP Protocol 51 - Authentication Header (AH)
• UDP port 500 - ISAKMP
Additional TCP and UDP ports may be required to allow Kerberos. For additional information, see the following article in the Microsoft Knowledge Base:
233256 (http://support.microsoft.com/kb/233256/EN-US/) How to Enable IPSec Traffic Through a Firewall
On the external firewall between the perimeter network and the public network, the following ports must be available:
• For Exchange 2000 notifications:
    • 25 - SMTP (if you are using SMTP carriers)
    • 80 - HTTP (if you are using HTTP carriers with Mobile Information Server Carrier Edition)
    • 50, 51, UDP 500 - IPSec (if you are using an HTTP carrier with the IPSec policy)
• For Exchange 2000 browse:
    • 80 - HTTP (if you are not using secure HTTP)
    • 443 - HTTPS (if you are using secure HTTP over Secure Sockets Layer [SSL])
• For Exchange Server 5.5 browse:
    • 80 - HTTP (if you are not using secure HTTP)
    • 443 - HTTPS (if you are using secure HTTP over SSL)
In addition, Exchange Server 5.5 browse requires the following additional ports to be opened on the internal firewall:
• 1024 and higher - Dynamic RPC
When you set Exchange Server 5.5 RPC ports statically, you can avoid the need for all ports higher than 1024 for dynamic RPC.
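The following Python check is an added example, not part of the original article or of Mobile Information Server. It compares a set of internal-firewall rules with the lists above, in both the open-port and the IPSec-only configuration, and reports what the rules open beyond those lists and which listed entries no rule covers. The rule tuple format, the function names and the sample rules are assumptions made for illustration; because the internal port list names a transport only for 389, ports are matched by number in the open-port configuration.

```python
# Added example: audit rules on the internal firewall against this article's lists.
# Rule tuples (protocol, low_port, high_port) are a constructed format.
INTERNAL_PORTS = {53, 80, 88, 135, 137, 138, 139, 389, 1026, 3268}
IPSEC_ONLY = {("esp", 0), ("ah", 0), ("udp", 500)}  # IP protocols 50, 51; ISAKMP


def to_ranges(ports):
    """Collapse port numbers into (low, high) runs so findings stay readable."""
    runs = []
    for port in sorted(ports):
        if runs and port == runs[-1][1] + 1:
            runs[-1] = (runs[-1][0], port)
        else:
            runs.append((port, port))
    return runs


def audit(rules, ipsec=False, dynamic_rpc=False):
    """Return (excess, missing) for a rule set.

    excess:  {protocol: [(low, high), ...]} opened but not listed in the article
    missing: listed entries that no rule opens
    """
    opened = set()
    for proto, low, high in rules:
        if proto in ("esp", "ah"):      # IP protocols carry no port numbers
            opened.add((proto, 0))
        else:
            opened.update((proto, p) for p in range(low, high + 1))

    if ipsec:
        allowed = set(IPSEC_ONLY)
        missing = sorted(allowed - opened)
    else:
        # The article's port list names a transport only for 389: match on number.
        ports = set(INTERNAL_PORTS)
        if dynamic_rpc:                 # Exchange Server 5.5 browse, no static RPC ports
            ports.update(range(1024, 65536))
        allowed = {(t, p) for t in ("tcp", "udp") for p in ports}
        seen = {p for _, p in opened}
        missing = sorted(INTERNAL_PORTS - seen)

    excess = {}
    for proto, port in opened - allowed:
        excess.setdefault(proto, set()).add(port)
    return {k: to_ranges(v) for k, v in excess.items()}, missing
```

For instance, a convenience rule such as ("tcp", 135, 139) is reported because it also opens port 136, and a rule for 1024-65535 is reported as three excess ranges unless dynamic_rpc=True is passed for the Exchange Server 5.5 case.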