A. Organizations often have a perimeter network that contains systems that Internet-based users can access. Generally, for communication between the Exchange frontend and the Internet, the only port that needs to be open between the Internet and the perimeter network is HTTP-Secure (HTTPS) Port 443, which Microsoft Outlook Web Access (OWA) uses. You can also open ports 993 and 995 for Secure Sockets Layer (SSL)-based IMAP and POP communications, respectively. However, you'll need to open certain ports on the firewall between the internal network and perimeter network for communication between the Exchange back-end server and front-end server. Table 1 lists the required ports for Exchange communication. The front-end server also needs to communicate with Active Directory (AD) unless you have a domain controller (DC) in the perimeter network, which usually isn't a good idea. Table 2 lists the required ports for communication between the front-end server and AD. You also need to open port 135 plus a dynamically assigned range of ports 1024 and above for remote procedure call (RPC) communication. You can configure the DCs and Global Catalogs (GCs) to use a static port for the RPC communication, in which case you'd open port 135 and the static port set. You can find more information about setting the static RPC port in the FAQ "How can I restrict Active Directory (AD) replication traffic to a specific port?". (http://www.windowsitpro.com/articles/index.cfm?articleid=15569)
