Michel de Rooij has released the latest version of his Exchange Server 2010 SP1 network ports diagram.

For this version, I’ve included clients, 3rd party SMTP elements, UM and OCS/Lync components and a small list of how to change ports or fix dynamic port settings.

Exchange 2010 SP1 Network Ports Diagram

Download it free from Michel’s blog here.

About the Author

Paul Cunningham

Paul is a former Microsoft MVP for Office Apps and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul no longer writes for Practical365.com.

Comments

  1. Stewart

    Hi Paul,

    I will be migrating to Exchange Cloud soon, however, I was looking at your excellent diagram and have a few questions. 1. Can IMAP be set to allow users to login to exchange from the Internet? I could document what I have tried, yet probably too much here. 2. Your diagram has legacy users using IMAP, are these people logging in from the net or internal to the domain? The diagram has the arrows pointing to the CAS from the legacy users, should the arrows be pointing to the users? I thought IMAP is a receive protocol? Although I have read it can be used to send too. The concept I am trying to understand is, is the hub transport server used to receive legacy user inbound traffic (SMTP port 25 for example) and the CAS takes care of sending IMAP traffic to the user? Thanks in advance. Stewart

  2. Rick

    Hi Paul,
    I know but its out of my control. Client has a firewall between 2 sites and its very hard to get a risk approval from security team.
    Thank you.
    Rick

  3. Rick

    G’day Paul,
    Site1:
    mailbox-server1
    mailbox-server2

    Site2:
    mailbox-server3
    mailbox-server4

    All these mailbox servers are in a DAG and there is a firewall between both sites.

    Communication between mailbox servers:
    I know that for MAPI replication network port 135 needs to be opened and replication network port 64327 (customizable) needs to be opened.

    Is there any other ports, dynamic ports need to be opened for all communication for all mailbox servers between both sites?

    Thanks mate.

      1. Gabe

        Paul, I need help.

        I am on Exchange 2010, with 1 Hub/CAS server and 2 Mailbox servers in a DAG. But I have had a couple aborted attempts at enabling the firewall on my exchange servers. Indeed, I just tried again last night and had to roll it back.

        I think I understand what you are trying to say, but given that the firewall *should* be enabled on exchange servers, how to I NOT firewall the Exchange servers from each other, but still obtain the firewall protections from EVERYTHING ELSE????

  4. Dae

    Thanks for a fantastic diagram. How would it differ if the Exchange servers were in a child domain (and the users/mailboxes in a parent domain)? What about an Exchange resource forest?

    The reason for asking as that we are working on a solution that may utilise one of the aforementioned deployment models and it would make our firewall config easier if we had the correct diagram.

    For reasons I can’t go into there has to be a firewall between the physical location which contains users and the parent domain/accounts forest and the other location which will contain all the Exchange servers and 2 DCs for the child domain/resource forest.

    Thanks in advance
    Dae.

  5. Chris Brown

    Lovely…have this one on my wall next to the Microsoft architecture one! Very handy resources…

Leave a Reply