Are you following the Exchange Hybrid course? The Exchange Hybrid firewall ports must be in place before you go further. After that, we can run the Exchange Hybrid Wizard and start migrating mailboxes and sending and receiving mail between on-premises and Office 365. In this article, you will learn about the Exchange Hybrid firewall port requirements. Let’s get into the Exchange firewall configuration.
There are multiple scenarios for Exchange Hybrid architecture. It all depends on which Exchange Server version you use in the organization and if you want to have High Availability (load balance) for Exchange Hybrid servers.
Important: Read the article Exchange Hybrid design and planning before you go further.
Note: The Exchange Hybrid server is the Exchange Server that you select in the Hybrid Configuration Wizard to act as the Exchange Hybrid server. You can choose one or more Exchange Servers to act as Exchange Hybrid. It can be an Exchange Server with or without mailbox databases.
Configure Exchange Hybrid firewall ports
It’s important to open the following four firewall rules for mail flow and connections: ports 443 and 25, each inbound and outbound. They enable the Exchange Hybrid server to communicate with the Exchange Online endpoints outside your organization.
| Description | Port | Source | Destination |
|---|---|---|---|
| Encrypted web connections | 443/TCP (HTTPS) | Exchange Online endpoints | 192.168.1.52 |
| Encrypted web connections | 443/TCP (HTTPS) | 192.168.1.52 | Exchange Online endpoints |
| Inbound mail | 25/TCP (SMTP) | Exchange Online endpoints | 192.168.1.52 |
| Outbound mail | 25/TCP (SMTP) | 192.168.1.52 | Exchange Online endpoints |
In our example, the Exchange Hybrid server IP address is 192.168.1.52. We selected that Exchange Server when running the Hybrid Configuration Wizard.
Exchange Hybrid firewall ports for mail flow and services
To get clients and mail flow working between Exchange Server and Exchange Online, opening port 443 and port 25 on the firewall is very important. These are inbound and outbound firewall rules for both ports.
| Description | Port | Source | Destination |
|---|---|---|---|
| On-premises Exchange Servers used to publish Exchange Web Services and Autodiscover to Internet | 443/TCP (HTTPS) | Exchange Online endpoints | Exchange Hybrid |
| On-premises Exchange Servers used to publish Exchange Web Services and Autodiscover to Internet | 443/TCP (HTTPS) | Exchange Hybrid | Exchange Online endpoints |
| On-premises Exchange Servers configured to host receive connectors for secure mail transport with Exchange Online in the Hybrid Configuration wizard | 25/TCP (SMTP) | Exchange Online endpoints | Exchange Hybrid |
| On-premises Exchange Servers configured to host send connectors for secure mail transport with Exchange Online in the Hybrid Configuration wizard | 25/TCP (SMTP) | Exchange Hybrid | Exchange Online endpoints |
You learned how to configure the required Exchange Hybrid firewall ports. The Exchange Hybrid firewall ports are essential for communication between Exchange Online and Exchange on-premises. Restricting the source and destination of the rules to the Exchange Online endpoints instead of ALL (everyone) will give you a layer of protection.
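The point about using the Exchange Online endpoints instead of ALL, as an added PowerShell example (not from the original article): it builds the four rules from the tables with source and destination scoped to published ranges, and flags a rule left open to everyone. The JSON sample is constructed in the shape of the Microsoft 365 IP Address and URL web service output with placeholder ranges, and the function names are hypothetical.

```powershell
# Constructed sample in the shape of the Microsoft 365 IP Address and URL web
# service output (fields: serviceArea, ips, urls, tcpPorts). The ranges are
# documentation placeholders, not real Exchange Online ranges.
$sampleJson = @'
[
  {"id": 1, "serviceArea": "Exchange", "ips": ["198.51.100.0/24", "2001:db8:1::/48"], "tcpPorts": "80,443"},
  {"id": 2, "serviceArea": "Exchange", "ips": ["203.0.113.0/24"], "tcpPorts": "25"},
  {"id": 3, "serviceArea": "Skype", "ips": ["192.0.2.0/24"], "tcpPorts": "443"},
  {"id": 4, "serviceArea": "Exchange", "urls": ["outlook.example"], "tcpPorts": "443"}
]
'@

# Hypothetical helper: Exchange Online IP ranges published for one TCP port.
function Get-ExchangeOnlineRanges {
    param([object[]]$Endpoints, [int]$Port)
    $Endpoints |
        Where-Object { $_.serviceArea -eq 'Exchange' -and $_.ips -and
                       (($_.tcpPorts -split ',').Trim() -contains "$Port") } |
        ForEach-Object { $_.ips } | Sort-Object -Unique
}

# Hypothetical helper: the article's four rules, scoped to those ranges.
function New-HybridRulePlan {
    param([string]$HybridServerIp, [object[]]$Endpoints)
    foreach ($port in 443, 25) {
        $ranges = @(Get-ExchangeOnlineRanges -Endpoints $Endpoints -Port $port)
        if ($ranges.Count -eq 0) { throw "No Exchange Online ranges for port $port; not falling back to Any." }
        [pscustomobject]@{ Direction = 'Inbound';  Port = "$port/TCP"; Source = $ranges; Destination = $HybridServerIp }
        [pscustomobject]@{ Direction = 'Outbound'; Port = "$port/TCP"; Source = $HybridServerIp; Destination = $ranges }
    }
}

# Hypothetical check: $false when either side of a rule is open to everyone.
function Test-RuleIsScoped {
    param($Rule)
    $open = 'Any', 'ALL', '*', '0.0.0.0/0', '::/0'
    $hits = @(@($Rule.Source) + @($Rule.Destination) | Where-Object { $open -contains $_ })
    $hits.Count -eq 0
}

$endpoints = $sampleJson | ConvertFrom-Json
$plan = @(New-HybridRulePlan -HybridServerIp '192.168.1.52' -Endpoints $endpoints)

# Constructed "allow from everyone" rule, added to show the check failing.
$tooBroad = [pscustomobject]@{ Direction = 'Inbound'; Port = '25/TCP'; Source = 'Any'; Destination = '192.168.1.52' }
$plan + $tooBroad | ForEach-Object {
    '{0,-8} {1,-7} {2} -> {3} scoped={4}' -f $_.Direction, $_.Port,
        ($_.Source -join ','), ($_.Destination -join ','), (Test-RuleIsScoped $_)
}
```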
You may also like Exchange Server in DMZ or LAN network.