
Network Ports for SBS 2003

The only ports you need to forward to your SBS server are:

  • 25 - ONLY if your email is delivered directly to this server
  • 443 - secure web
  • 444 - ONLY if you want company web / sharepoint externally available
  • 4125 - Remote web workplace
  • 1723 and GRE (IP protocol 47, PPTP Passthrough) - ONLY if you want to configure VPN access

Here is the full list from Microsoft's Securing your SBS 2003 Network document:

Services and TCP Port Numbers

| Service | TCP Port Number | Inbound Access Recommendations |
|---|---|---|
| E-mail | 25 | Allow if you are using Exchange to receive Internet e-mail. |
| Web server | 80 (required for HTTP requests for your site) and 443 (required for HTTPS requests using Secure Sockets Layer (SSL), which secures communications between your server and a Web browser) | Allow if users on the Internet need to access specific Web-site services on your server. Web-site services that use port 80 and/or port 443 include the following: Microsoft® Office Outlook® Web Access (OWA); Windows Small Business Server 2003 server performance and usage reports; Outlook Mobile Access (OMA); Business Web site (wwwroot), which allows users to access the company's Internet Web site from the Internet; Outlook via the Internet (RPC over HTTP) feature of Outlook 2003. |
| Windows SharePoint Services intranet site | 444 | Allow if users securely access the intranet Web site created by Microsoft® Windows® SharePoint™ Services from the Internet. |
| Remote Web Workplace | 4125 and 443 | Allow if users securely access Remote Web Workplace to: connect to the local network from OWA; create a direct Remote Desktop Web (RWW) Connection to client computers on the local network; use the Windows SharePoint Services intranet site (this also requires port 444, as noted above); download Connection Manager to configure the remote client computer for remote access (using remote access also requires that port 1723 be open, as noted below). |
| Virtual private network (VPN) | 1723 | Allow if remote clients connect securely to the network using a VPN connection to use resources as if the client was connected locally. |
| Terminal Services | 3389 | Allow if remote clients connect to the computer running Windows Small Business Server 2003 using Terminal Services. |
| File transfer protocol (FTP) | 21 | Allow if remote clients use file transfer protocol (FTP) to connect to the computer running Windows Small Business Server 2003. |
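
The short list at the top of this page can be turned into a check on a router's forwarding rules. The Python below is an added example, not taken from Microsoft's document or any SBS tool; the rule-line format, the feature names (direct_mail, sharepoint, vpn) and the sample rules are assumptions constructed for the illustration.

```python
# Added illustration: compare a router's forwards with the article's short list.
# The rule-line format and the feature names are assumptions, not SBS settings.

# (protocol, number) -> feature that justifies the forward; None = always needed.
NEEDED = {
    ("tcp", 25): "direct_mail",   # only if mail is delivered directly to the server
    ("tcp", 443): None,           # secure web
    ("tcp", 444): "sharepoint",   # only if companyweb/SharePoint is published
    ("tcp", 4125): None,          # Remote Web Workplace
    ("tcp", 1723): "vpn",         # PPTP control connection
    ("gre", 47): "vpn",           # PPTP tunnel traffic (GRE is IP protocol 47)
}

def parse_forwards(text):
    """Parse lines such as 'tcp 443'; '#' starts a comment."""
    forwards = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].lower().split()
        if len(fields) >= 2:
            forwards.add((fields[0], int(fields[1])))
    return forwards

def audit(forwards, features):
    """Return findings: forwards to review, then required forwards that are absent."""
    findings = []
    for proto, num in sorted(forwards):
        feature = NEEDED.get((proto, num), "unlisted")
        if feature == "unlisted":
            findings.append(f"REVIEW {proto}/{num}: not on the short list")
        elif feature is not None and feature not in features:
            findings.append(f"REVIEW {proto}/{num}: '{feature}' is not in use")
    for (proto, num), feature in sorted(NEEDED.items()):
        if (proto, num) not in forwards and (feature is None or feature in features):
            findings.append(f"MISSING {proto}/{num}: needed for {feature or 'base access'}")
    return findings

# Constructed sample: a site that uses VPN but receives mail through a relay.
SAMPLE_RULES = """
tcp 25
tcp 443
tcp 4125
tcp 1723      # PPTP, but the GRE rule was forgotten
tcp 3389      # Terminal Services
tcp 21        # FTP
"""

if __name__ == "__main__":
    for finding in audit(parse_forwards(SAMPLE_RULES), {"vpn"}):
        print(finding)
```

Ports such as 80, 3389 and 21 appear in Microsoft's full table but not in the short list, so the check reports them for review rather than treating them as errors.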