We have a VPN dial-in system used for remote workers in Africa to | dial in and download email. This uses dual skinned firewalls and a | VPN Concentrator to secure the access. At the moment, the outer skin | only allows in IPSEC/IKE through and hence is fairly secure, but the | inner skin still has a pass all rule that I need to remove. | The problem is that the full Outlook Client is MAPI compliant and | uses MS RPC (sic) to talk to Exchange. As most firewalls can't track | the RPC calls, you either have to open a huge range of TCP ports | (which our Risk people won't allow) or you have to use fixed RPC | ports. (or use the Outlook Web client which is NOT an option). | I can find how to force Exchange to use fixed RPC ports, this is a | fairly simple Registry hack, but I can't find the same information | for the Outlook client machines. | Can anyone help me out? -- Steve Kerr Technical Specialist Barclays Africa
