S
Steve Kerr
We have a VPN dial-in system used for remote workers in Africa to dial in and
download email. This uses dual skinned firewalls and a VPN Concentrator to
secure the access. At the moment, the outer skin only allows in IPSEC/IKE
through and hence is fairly secure, but the inner skin still has a pass all
rule that I need to remove.
The problem is that the full Outlook Client is MAPI compliant and uses MS
RPC (sic) to talk to Exchange. As most firewalls can't track the RPC calls,
you either have to open a huge range of TCP ports (which our Risk people
won't allow) or you have to use fixed RPC ports. (or use the Outlook Web
client which is NOT an option).
I can find how to force Exchange to use fixed RPC ports, this is a fairly
simple Registry hack, but I can't find the same information for the Outlook
client machines.
Can anyone help me out?
download email. This uses dual skinned firewalls and a VPN Concentrator to
secure the access. At the moment, the outer skin only allows in IPSEC/IKE
through and hence is fairly secure, but the inner skin still has a pass all
rule that I need to remove.
The problem is that the full Outlook Client is MAPI compliant and uses MS
RPC (sic) to talk to Exchange. As most firewalls can't track the RPC calls,
you either have to open a huge range of TCP ports (which our Risk people
won't allow) or you have to use fixed RPC ports. (or use the Outlook Web
client which is NOT an option).
I can find how to force Exchange to use fixed RPC ports, this is a fairly
simple Registry hack, but I can't find the same information for the Outlook
client machines.
Can anyone help me out?