Configuring Direct Push to Work Through Your Firewall
Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2006-06-16
Direct Push lets your mobile device stay up to date with your Microsoft Exchange Server 2007 mailbox. This topic provides information about how to configure your firewall to support Direct Push.
Direct Push operates by maintaining a long-standing HTTPS request between the mobile device and the Exchange Server computer. This request tells the Exchange Server computer to immediately notify the mobile device if any items in synchronized folders change during the life of the request. If any items change, the mobile device issues a synchronization request, synchronizes with the server, and then reissues the HTTPS request. If no items change during the life of the request, the request is reissued.
Because the request and the response travel over an HTTPS connection, the only port that you have to open on your firewall is port 443 for HTTPS traffic. No additional ports are required for Direct Push to operate.
To verify that port 443 is open, see your firewall documentation. You should also configure your firewall time-out value to be between 15 and 30 minutes. This ensures that the long-standing HTTPS request can stay open without expiring.