Hi Al,

We used the host file so that we didn't have to poke additional holes on our firewalls for DNS resolution. And yup, port 80 is also necessary from ironmail to OWA.

Hope that helps,

Cheers,
Alex.

-----Original Message-----
From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx]
Sent: Tuesday, December 30, 2003 10:25 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Deploying Exchange 2003

http://www.MSExchange.org/

Thanks Alex. That's helpful. Still curious: any reason to use the hosts file vs. DNS at this point? I'm thinking you're also opening TCP 80 to the BE server, right?

-----Original Message-----
From: Alejandro Contreras [mailto:acontreras@xxxxxx]
Sent: Tuesday, December 30, 2003 10:17 AM
To: [ExchangeList]
Subject: [exchangelist] Deploying Exchange 2003

http://www.MSExchange.org/

Hi Al,

I agree with what you've mentioned below. The only reason we added the additional OWA zone was in order to allow our IDS people to monitor all traffic between the appliance and OWA, and OWA and the Domain controllers inside. We actually left all ports open between the OWA zone and the trusted network at first, and then locked it tight so only the authentication and communication ports were open.

                                     Application Server To KDC   Return traffic
Initial ticket request               88/udp                      xxxx/udp
Kerberos 5-to-4 ticket conversion    4444/udp                    xxxx/udp
LDAP                                 389/tcp                     xxxx/tcp

Used a host file entry on OWA for DCs.

I think I got all of them.

Cheers,
Alex.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------