Configuring Direct Push to Work Through Your Firewall

Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.


Applies to: Exchange Server 2007, Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3

Topic Last Modified: 2006-06-16

Direct Push lets your mobile device stay up to date with your Microsoft Exchange Server 2007 mailbox. This topic provides information about how to configure your firewall to support Direct Push.

Direct Push operates by maintaining a long-standing HTTPS request between the mobile device and the Exchange Server computer. This request tells the Exchange Server computer to immediately notify the mobile device if any items in synchronized folders change during the life of the request. If any items change, the mobile device issues a synchronization request, synchronizes with the server, and then reissues the HTTPS request. If no items change during the life of the request, the request is reissued.

Because the request and the response travel over an HTTPS connection, the only port that you have to open on your firewall is port 443 for HTTPS traffic. No additional ports are required for Direct Push to operate.

To verify that port 443 is open, see your firewall documentation. You should also configure your firewall time-out value to be between 15 and 30 minutes. This ensures that the long-standing HTTPS request can stay open without expiring.

For more information about Direct Push, see Understanding Direct Push.