OWA to Firewall to Exchange

If you're implementing a new Exchange server (5.5!) into your existing Organisation, need Outlook Web Access to be able to access the new server, and there's a firewall in place between the two devices, don't forget that you need to statically map two ports on the Exchange Server. One port needs to be mapped (by editing the registry) for the Information Store eg 1225, and another for the Directory eg 1226. These two ports, together with port 135 must then also be allowed on the firewall. If you don't do this, Exchange will reply on a random port above 1024, the firewall will drop the packets... and it just won't work!

Chris Meirick

Chris Meirick on July 25, 2003 at 07:08 AM in How-Tos
« The ADModify Tool | Main | Listen up... »


That's good info, thanks. It doesn't apply to exchange 2003 however, in case you think it's why SSL is stopped you configuring OWA, :-0. Ken

Posted by: ken at Jan 20, 2004 8:40:04 PM

Hi there,

So, if I need to configure my firewall (hardware) to allow me to access my SBS 2000 mailbox via Outlook Web Access, I need to open ports 1225, 1226 and 135 on the firewall, is that correct?

Posted by: Brett Rigby at Apr 1, 2004 4:52:17 AM

Hi Brett,

As you are using SBS all you'll need to do is allow SSL port 443 for OWA. NB: you definitely do not want to open port 135!



Posted by: Chris Meirick at Apr 6, 2004 1:40:48 PM

Is it possible to install OWA 5.5 in a separate Windows 2000 domain outside a firewal or within a DMZ and attache to an Exchange 5.5 server in a separate internal domain? With or without a Trust?


Posted by: doug at Apr 6, 2004 5:45:56 PM

Hi Chris,

From that webpage that you posted the URL for, it says '

443 (https://) - Enables all secure browser access, including external access to Exchange for Outlook 2003, OWA, and OMA clients; required for external access to server monitoring and usage reports.

Does this mean that I have to install an SSL certificate on my 2000 SBS machine to allow me access to OWA?



Posted by: Brett Rigby at Apr 11, 2004 7:17:52 AM

Hi Brett,

You don't need SSL to be able to access OWA, however of course it is to be recommended for the security that it will provide. If you don't use SSL, then access would be via port 80.

Posted by: Chris Meirick at Apr 11, 2004 11:02:49 AM


I need to use OWA from Internet to look my internal email. I have a firewall Netscreen
with http and https policies enabled and virtual services to http and https enabled,
but I can not see my internal email from Internet.

However I can see outlook internally from my lan.

Can any one help me?

Thansk in advanced

Posted by: Carlos at Feb 4, 2005 3:51:42 PM

Have you allowed port 443 through your firewall?

Posted by: Chris Meirick at Feb 5, 2005 1:03:37 AM

What ports needs to be open at my FW in order to provide corporative users for accessing an OWA web site belonging to another corporate.
After I validate as a domain user and the OWA interface appears, an intermettenly window appears for validation as a domain/user at mi Iexplorer.


Posted by: Gustavo at May 16, 2006 11:48:28 AM