Configuring an Internet Firewall


In Internet scenarios, a firewall is usually placed between the corporate network and the Internet. This firewall controls the connections that are allowed between computers on the Internet and computers in the corporate network. When you configure this firewall, it is important to consider the direction of traffic. For a detailed discussion about port direction, see "Port Filtering" in Using Firewalls in a Front-End and Back-End Topology.

You must configure the firewall to allow requests to certain IP addresses and over certain TCP/IP ports. The following table lists the ports required for different services. These ports are specific to inbound traffic (from the Internet to the front-end server).

Ports that must be open on the Internet firewall

Destination port number/transport   Protocol
443/TCP inbound                     HTTPS (SSL-secured HTTP)
993/TCP inbound                     SSL-secured IMAP
995/TCP inbound                     SSL-secured POP
25/TCP inbound                      SMTP

Note

In this table, "Inbound" means that you should configure the firewall to allow computers outside (on the Internet, in this case) to initiate connections to the front-end server. The front-end server never has to initiate connections to the computers on the Internet; the front-end server responds only to connections initiated by computers on the Internet.
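The following is an added example, not part of the original documentation: a small Python model of the port table and its direction rule, which renders an equivalent stateful nftables ruleset and decides whether a new connection should cross the firewall. The front-end address 192.0.2.10 and the client addresses used in the checks are constructed sample values.

```python
# Added example (not from the original page): direction-aware model of the
# Internet-firewall policy for the front-end server. Addresses are constructed.
from dataclasses import dataclass

# Ports from the page's table: inbound TCP only (Internet -> front-end server).
INBOUND_TCP_PORTS = {443: "HTTPS", 993: "SSL-secured IMAP",
                     995: "SSL-secured POP", 25: "SMTP"}

FRONT_END_IP = "192.0.2.10"  # assumed front-end server address (documentation range)


@dataclass(frozen=True)
class NewConnection:
    """A connection attempt (TCP SYN or first UDP datagram) seen by the firewall."""
    src_ip: str      # the initiator of the connection
    dst_ip: str
    dst_port: int
    proto: str       # "tcp" or "udp"


def policy_verdict(conn: NewConnection) -> str:
    """Return 'allow' or 'deny' for a NEW connection crossing the Internet firewall.

    Replies inside an already-accepted connection are handled by connection
    tracking (see nftables_ruleset), so only the initiating direction matters here.
    """
    # The front-end server only responds; it never initiates connections to the Internet.
    if conn.src_ip == FRONT_END_IP:
        return "deny"
    # Only TCP to the front-end server, and only the listed ports, may be initiated from outside.
    if conn.dst_ip != FRONT_END_IP or conn.proto != "tcp":
        return "deny"
    return "allow" if conn.dst_port in INBOUND_TCP_PORTS else "deny"


def nftables_ruleset() -> str:
    """Render the table as a stateful nftables forward chain with a default drop.

    Established/related traffic (the front-end's responses) is accepted first;
    new connections are accepted only toward the front-end on the listed ports,
    so a new connection initiated by the front-end falls through to the drop policy.
    """
    lines = ["table inet internet_fw {",
             "  chain forward {",
             "    type filter hook forward priority 0; policy drop;",
             "    ct state established,related accept"]
    for port, name in sorted(INBOUND_TCP_PORTS.items()):
        lines.append(f"    ip daddr {FRONT_END_IP} tcp dport {port} ct state new accept  # {name}")
    lines += ["  }", "}"]
    return "\n".join(lines)
```

Running `policy_verdict` over the connection attempts you expect (an Internet client to 443/TCP on the front-end, or the front-end opening a connection outward) is a quick way to check that a candidate rule set matches the direction rule in the note before it is deployed.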

Configuring ISA Server

If you are using ISA Server, you must configure it as follows. (These are general guidelines. For detailed information about how to configure ISA Server, see the ISA Server product documentation.)

  1. Configure a listener for SSL.

  2. Create a destination set that contains the external IP address of the ISA server. This destination set will be used in the Web publishing rule.

  3. Create a Web publishing rule that redirects requests to the internal front-end server.

  4. Create protocol rules to open ports in ISA Server for outgoing traffic.

  5. Configure the ISA server for Outlook Web Access. For information about how to configure an ISA Server for Outlook Web Access, see Microsoft Knowledge Base article 307347, "Secure OWA Publishing Behind ISA Server May Require Custom HTTP Header."