Configure Direct Push to Work Through Your Firewall
Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Topic Last Modified: 2012-07-23
You can configure your firewall to support Direct Push. Direct Push lets your mobile phone stay current with your Microsoft Exchange Server 2010 mailbox.
Direct Push operates by maintaining a long-standing HTTPS request between the mobile phone and the Exchange Client Access server. This request tells the Exchange Client Access server to immediately notify the mobile phone if any items in synchronized folders change during the life of the request. If any items change, the mobile phone issues a synchronization request, synchronizes with the server, and then reissues the HTTPS request. If no items change during the life of the request, the request is reissued.
Because the request and the response travel over an HTTPS connection, the only port that you have to open on your firewall is port 443 for HTTPS traffic. No additional ports are required for Direct Push to operate.
To verify that port 443 is open, see your firewall documentation. You should also configure your firewall time-out value to be between 15 and 30 minutes. This ensures that the long-standing HTTPS request can stay open without expiring. The exact steps for this configuration will vary, depending on your firewall hardware and software.
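The effect of the firewall time-out on the request cycle described above, as an added example that is not part of the original topic. It is a simplified model: the 20-minute request lifetime, the function name, the sample change times, and the assumption that the firewall drops an idle session silently (so the phone notices only when the request's lifetime ends) are all assumptions made for illustration.

```python
def notification_delays(change_times, request_lifetime, firewall_idle_timeout):
    """Seconds between each mailbox change and the phone learning of it.

    Model (assumed, simplified): the phone holds one long-standing HTTPS
    request open for request_lifetime seconds. A firewall that sees no
    traffic for firewall_idle_timeout seconds silently discards the session,
    so a later server response never reaches the phone, which finds out only
    when the lifetime ends and it reissues the request.
    """
    delays = []
    issued = 0  # time (s) at which the current request was issued
    for change in sorted(change_times):
        if change <= issued:
            # Change happened while the previous request was already dead;
            # the sync performed at reissue time picked it up.
            delays.append(issued - change)
            continue
        # No changes for one or more full lifetimes: the request is reissued.
        while change > issued + request_lifetime:
            issued += request_lifetime
        usable_until = issued + min(request_lifetime, firewall_idle_timeout)
        if change <= usable_until:
            delivered = change                      # response arrives on the open request
        else:
            delivered = issued + request_lifetime   # learned only at the next reissue
        delays.append(delivered - change)
        issued = delivered                          # synchronize, then reissue
    return delays


if __name__ == "__main__":
    changes = [100, 700, 2000]   # constructed sample: seconds at which mail arrives
    lifetime = 20 * 60           # assumed request lifetime
    for fw_minutes in (5, 15, 30):
        delays = notification_delays(changes, lifetime, fw_minutes * 60)
        print(f"firewall time-out {fw_minutes:>2} min -> delays (s): {delays}")
```

With a time-out shorter than the request lifetime, changes that arrive after the firewall has dropped the session wait until the next reissue; with a time-out at least as long as the lifetime, every delay is zero.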