BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 02-19-2008, 07:32 AM   #1 (permalink)
New Member
 
Join Date: Feb 2005
Location: Ottawa
Model: 8700
Carrier: Bell/Rogers/
Posts: 11
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default Static MAPI Ports with Exchange

Please Login to Remove!

My security team has been pushing hard to get our BES placed in an isolated network. I have been pushing back, but I have been asked to take a look at what it would take to make this happen. I know there are a couple of threads on this topic that talk about the pros and cons, but I haven't been able to find any info on the impact that switching the MAPI ports on Exchange from dymanic to static might have. Has anyone tried this? Any issues with BES our Outlook performance afterwards?
Offline  
Old 02-19-2008, 09:19 AM   #2 (permalink)
BlackBerry Extraordinaire
 
gibson_hg's Avatar
 
Join Date: Dec 2007
Model: NA
PIN: 80081ES
Carrier: NA
Posts: 1,006
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

You don't need to place the BES in the DMZ, just the Router has to be there. The Router will connect to the outside and the BES will communicate to the Router through 1 port. It's easier then setting up your Exchange to use static ports.

Also, if you have issues and call RIM you will be out of luck as it's also not supported.

If you change to static ports the BES doesn't care as long as MAPI still works. It's Exchange and Outlook users that will suffer the most if it doesn't work.

Remember that BES is just like Outlook, if MAPI works then BES/Exchange/Outlook works. If MAPI is screwed then so is the BES/Exchange/Outlook.

Here is the KB about placing the BES Router component in the DMZ:

BlackBerry Search Results

This might help with the people in your company. Just tell them that if the BES goes down and they want to call RIM for help that they may as well set the BES on fire.

Set it up properly and you will be fine, but it's up to you and the people in the company.
Offline  
Old 02-19-2008, 09:48 AM   #3 (permalink)
New Member
 
Join Date: Feb 2005
Location: Ottawa
Model: 8700
Carrier: Bell/Rogers/
Posts: 11
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks- Yeah, I have documented the support issues and the issues around MAPI communication being sensative to delays that could be caued by a firewall, but I seem to fighting a losing battle. It goes back to the bbproxy vulnerability. (even though there are still no known exploits) The security guys are worried about a zero day threat taking advantage of the encrypted comunication path from the handheld into our production server network. Noone here is worried about the SRP traffic so we really woudn't get much out of a DMZ router implementation. The security guys really want to be able to packet scan un-encrypted traffic from the BES before it gets to other production servers.
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.