Firewall Rules for Antigen for Exchange in a Front-end/Back-end Scenario

I had a situation recently where I had a front-end/back-end Exchange Server 2003 configuration and had to lock down the access between the DMZ (where the front-end server resided) and the internal network (where the back-end server resided). The requirement was to open the minimum number of ports necessary for Exchange to get its job done. The information for Exchange was easy enough to find. But there wasn’t anything to be found on the ports that Antigen required.

Monitoring connections with netstat revealed a number of ports used by the Antigen processes, but only a few of them were static; the others seemed to be mapped dynamically. I ended up contacting Microsoft on the issue and they were able to provide the answer. Microsoft states that “once messaging connectivity has been established between the two servers, there is nothing additional to configure for Antigen’s functionality.” In other words, Antigen needs no firewall openings beyond the ones Exchange itself already requires. It almost sounds too simple to be true!
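The netstat survey described above can be automated so that the static ports stand out from the dynamically mapped ones. The Python below is an added example, not the author's own code: it parses constructed snapshots of Windows `netstat -ano` output and, per process, separates the ports held in every snapshot from those that change between runs. The PIDs, addresses and the non-well-known port numbers in the sample are invented for illustration.

```python
from collections import defaultdict

# Constructed sample: three snapshots of `netstat -ano` taken minutes apart.
# PIDs, addresses and non-well-known ports are invented, not captured.
SNAPSHOTS = [
    """  TCP    10.0.0.5:25      0.0.0.0:0        LISTENING       1820
  TCP    10.0.0.5:691     0.0.0.0:0        LISTENING       1820
  TCP    10.0.0.5:1067    0.0.0.0:0        LISTENING       2216
  TCP    10.0.0.5:1302    10.0.0.9:135     ESTABLISHED     2216
  UDP    10.0.0.5:1122    *:*                              2216""",
    """  TCP    10.0.0.5:25      0.0.0.0:0        LISTENING       1820
  TCP    10.0.0.5:691     0.0.0.0:0        LISTENING       1820
  TCP    10.0.0.5:1067    0.0.0.0:0        LISTENING       2216
  TCP    10.0.0.5:1067    10.0.0.9:1411    ESTABLISHED     2216""",
    """  TCP    10.0.0.5:25      0.0.0.0:0        LISTENING       1820
  TCP    10.0.0.5:691     0.0.0.0:0        LISTENING       1820
  TCP    10.0.0.5:1067    0.0.0.0:0        LISTENING       2216
  TCP    10.0.0.5:1402    10.0.0.9:135     ESTABLISHED     2216""",
]

def parse_netstat(text):
    """Yield (pid, proto, local_port, state) for each connection row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] == "TCP":
            proto, local, _remote, state, pid = fields
        elif len(fields) == 4 and fields[0] == "UDP":
            proto, local, _remote, pid = fields
            state = "BOUND"          # netstat prints no state column for UDP
        else:
            continue                 # header lines and anything unparseable
        yield int(pid), proto, int(local.rsplit(":", 1)[1]), state

def classify_ports(snapshots):
    """Per PID: ports bound in every snapshot (rule candidates) vs. the rest."""
    seen = defaultdict(lambda: defaultdict(int))   # pid -> (proto, port) -> hits
    for snap in snapshots:
        for pid, proto, port, state in set(parse_netstat(snap)):
            if state in ("LISTENING", "BOUND"):
                seen[pid][(proto, port)] += 1
            else:
                seen[pid].setdefault((proto, port), 0)  # record, never count as stable
    result = {}
    for pid, ports in seen.items():
        static = {p for p, n in ports.items() if n == len(snapshots)}
        result[pid] = {"static": static, "dynamic": set(ports) - static}
    return result
```

Ports that land in the "dynamic" set are the ones a fixed firewall rule cannot cover, which is exactly the gap the question to Microsoft was meant to close.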