EBS 2008 Firewall Configuration

Essential Business Server 2008 (EBS 2008) automatically installs and configures most of the components required to provide remote access. Details can be found in my EBS 2008 Remote Access article.

Forefront TMG is automatically configured during installation to allow the ports listed below to access services in the EBS 2008 environment. If you have an external router or firewall you will need to forward the following ports from that device to the WAN Adapter of the EBS 2008 Security Server:

  • Port 25 TCP – SMTP
  • Port 80 TCP – HTTP (EBS 2008 redirects inbound HTTP to HTTPS)
  • Port 443 TCP – HTTPS (RWW, OWA and TS Gateway)
  • Port 987 TCP – External secure Windows SharePoint Services intranet access
  • Port 1723 TCP – PPTP (VPN) – optional as RRAS is not configured by default

Note that RDP access to server consoles is done via Terminal Services Gateway (over port 443) so do not allow inbound connections on port 3389 as it is a security risk.