Microsoft KB Archive/294297

= XCCC: TCP/IP Ports Used by Microsoft Mobile Information Server =

Article ID: 294297

Article Last Modified on 10/28/2006

-

APPLIES TO


 * Microsoft Mobile Information Server 2001 Enterprise Edition

-



This article was previously published under Q294297



SUMMARY
This article describes the Transmission Control Protocol/Internet Protocol (TCP/IP) ports that are used by Mobile Information Server. This article also describes scenarios where you may need to open these ports on a firewall to allow access for mobile users.



MORE INFORMATION
When you run Mobile Information Server in a perimeter network (also known as DMZ, demilitarized zone, and screened subnet), open the following ports on the router between the perimeter network and the internal network:
 * 80 - Hypertext Transfer Protocol (HTTP)
 * 53 - Domain name system (DNS)
 * 88 - Kerberos (if you are using NTLM)
 * 135 - Remote procedure call (RPC)
 * 137 - NetBIOS Name Service
 * 138 - NetBIOS Datagram Service
 * 139 - NetBIOS Session
 * 389 - Lightweight Directory Access Protocol (LDAP) (TCP/User Datagram Protocol [UDP])
 * 1026 - RPC
 * 3268 - Global Catalog with LDAP

However, if you are using IPSec to secure traffic between Mobile Information Server and the internal network, allow only the following through the firewall for inbound and outbound traffic:
 * IP Protocol 50 - Encapsulating Security Protocol (ESP)
 * IP Protocol 51 - Authentication Header (AH)
 * UDP port 500 - ISAKMP

Additional TCP and UDP ports may be required to allow Kerberos. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

233256 How to Enable IPSec Traffic Through a Firewall

On the external firewall between the perimeter network and the public network, the following ports must be available:
 * For Exchange 2000 notifications:
 * 25 - SMTP (if you are using SMTP carriers)
 * 80 - HTTP (if you are using HTTP carriers with Mobile Information Server Carrier Edition)
 * 50, 51, UDP 500 - IPSec (if you are using an HTTP carrier with the IPSec policy)
 * For Exchange 2000 browse:
 * 80 - HTTP (if you are not using secure HTTP)
 * 443 - HTTPS (if you are using secure HTTP over Secure Sockets Layer [SSL])
 * For Exchange Server 5.5 browse:
 * 80 - HTTP (if you are not using secure HTTP)
 * 443 - HTTPS (if you are using secure HTTP over SSL)

In addition, Exchange Server 5.5 browse requires the following additional ports to be opened on the internal firewall:
 * 1024 and higher - Dynamic RPC

When you set Exchange Server 5.5 RPC ports statically, you can avoid the need for all ports higher than 1024 for dynamic RPC.

Keywords: kbinfo KB294297

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.