LDAP works but NAT isn't forwarding. How?

Hi,

It's working at the moment, so this is more of a curiosity than anything else.

The only forwarding to my mail server (Kerio Connect) I have enabled on my UTM is 443 for webmail. I have Email Protection set up (simple mode) with my mail domain, and my Mail Server in the Host List. When I connect with Outlook from outside my gateway, all works, including my contacts, which tells me LDAP is somehow working. I always assumed Exchange used some combination of LDAP, SMTP, etc to make things work, but maybe not?

According to MS's site, it does use LDAP (though on a "non-traditional port"), so I'm confused. Does the UTM's Email Protection have some special way of connecting all the needed mail/Exchange ports outside of the traditional NAT?

Thanks,

Jeff

  • Hello Jeff,

    I'm a little bit unsure about the contents of your question. I'll try to answer with my best guess. You use Outlook and connect to your server via port 443. Contacts in Outlook are not validated via LDAP in every case. Outlook can handle your contacts in the address book or the GAL. These are synchronized via the ActiveSync protocol too. So your Outlook client does a lot of tunneling via port 443. It's by design that everything goes over 443, because often only ports 80 and 443 are free to use. Otherwise a lot of clients would have problems if they tried to connect via other ports.
    For example, it was tunneled RPC over HTTP for a long time; now it's MAPI over HTTP in most cases.

    The Email Protection has nothing to do with it. This part of the UTM handles only the 'email' traffic, to explain it a little flatly.

    Best regards

    Alex

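What Alex's explanation looks like from the UTM side, as an added example that is not part of the original thread and not Kerio's or Sophos's code: the first function classifies HTTPS access-log lines by the Outlook protocol they carry (the address-book traffic Jeff sees shows up as MAPI/HTTP NSPI or ActiveSync requests, not as LDAP), and the second reads conntrack-style entries to confirm that only port 443 is actually being forwarded to the mail server. The URL prefixes are the standard Microsoft Exchange ones; that Kerio Connect exposes the same paths, and all log lines and IP addresses, are constructed assumptions for this example.

```python
import re
from collections import Counter

# Standard Microsoft Exchange URL prefixes for the protocols that Outlook and
# mobile clients tunnel over HTTPS. That Kerio Connect exposes the same paths
# is an assumption made for this example.
PROTOCOL_BY_PREFIX = [
    ("/microsoft-server-activesync", "ActiveSync"),
    ("/mapi/nspi", "MAPI/HTTP NSPI (GAL)"),      # address-book lookups
    ("/mapi/emsmdb", "MAPI/HTTP EMSMDB"),        # mailbox store
    ("/rpc/rpcproxy.dll", "RPC over HTTP"),      # Outlook Anywhere
    ("/ews/", "EWS"),
    ("/autodiscover/", "Autodiscover"),
    ("/oab/", "OAB"),
]

# Combined-format access log; the method group also admits RPC_IN_DATA/RPC_OUT_DATA.
ACCESS_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z_]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+'
)

# conntrack-style tuples: the first tuple is the original direction (client ->
# UTM public address), the second is the reply direction after DNAT, so its
# src= is the real internal host that answered.
TUPLE_RE = re.compile(r'src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)')


def classify_path(path):
    """Map a request path to the tunneled protocol it belongs to."""
    p = path.lower()
    for prefix, name in PROTOCOL_BY_PREFIX:
        if p.startswith(prefix):
            return name
    return "other"


def parse_access_line(line):
    """Parse one access-log line; returns None for lines that do not match."""
    m = ACCESS_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["protocol"] = classify_path(rec["path"])
    return rec


def summarize(lines):
    """Count requests per tunneled protocol."""
    counts = Counter()
    for line in lines:
        rec = parse_access_line(line)
        if rec:
            counts[rec["protocol"]] += 1
    return counts


def forwarded_ports(conntrack_lines, mail_server_ip):
    """Sorted list of destination ports that actually reached mail_server_ip
    from outside, judged by the reply tuple's src= address (post-DNAT)."""
    ports = set()
    for line in conntrack_lines:
        tuples = TUPLE_RE.findall(line)
        if len(tuples) < 2:
            continue
        original, reply = tuples[0], tuples[1]
        if reply[0] == mail_server_ip:
            ports.add(int(original[3]))
    return sorted(ports)


# Constructed sample data (not captured from a real system). 203.0.113.5 is the
# external Outlook client, 198.51.100.2 the UTM's public address, 192.0.2.10 the
# mail server behind the NAT.
SAMPLE_ACCESS_LOG = [
    '203.0.113.5 - - [10/Oct/2023:12:00:01 +0000] "POST /Microsoft-Server-ActiveSync?Cmd=Sync&User=jeff HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Oct/2023:12:00:02 +0000] "POST /mapi/nspi/?MailboxId=jeff@example.com HTTP/1.1" 200 2048',
    '203.0.113.5 - - [10/Oct/2023:12:00:03 +0000] "POST /mapi/emsmdb/?MailboxId=jeff@example.com HTTP/1.1" 200 4096',
    '203.0.113.5 - - [10/Oct/2023:12:00:04 +0000] "GET /autodiscover/autodiscover.xml HTTP/1.1" 401 0',
    '203.0.113.5 - - [10/Oct/2023:12:00:05 +0000] "GET /OAB/oab.xml HTTP/1.1" 200 1234',
    '203.0.113.5 - - [10/Oct/2023:12:00:06 +0000] "RPC_IN_DATA /rpc/rpcproxy.dll?mail.example.com:6001 HTTP/1.1" 200 -',
    '203.0.113.5 - - [10/Oct/2023:12:00:07 +0000] "GET / HTTP/1.1" 200 900',
]

SAMPLE_CONNTRACK = [
    # forwarded 443: reply comes from the internal mail server
    "tcp 6 431999 ESTABLISHED src=203.0.113.5 dst=198.51.100.2 sport=51234 dport=443 "
    "src=192.0.2.10 dst=203.0.113.5 sport=443 dport=51234 [ASSURED]",
    # stray LDAP attempt: no DNAT rule, so the reply tuple stays on the UTM itself
    "tcp 6 120 SYN_SENT src=203.0.113.5 dst=198.51.100.2 sport=51300 dport=389 "
    "src=198.51.100.2 dst=203.0.113.5 sport=389 dport=51300",
    # unrelated forward to another internal host
    "tcp 6 431999 ESTABLISHED src=203.0.113.9 dst=198.51.100.2 sport=40000 dport=22 "
    "src=192.0.2.20 dst=203.0.113.9 sport=22 dport=40000 [ASSURED]",
]

if __name__ == "__main__":
    for proto, n in sorted(summarize(SAMPLE_ACCESS_LOG).items()):
        print(f"{n:3d}  {proto}")
    print("ports reaching the mail server:", forwarded_ports(SAMPLE_CONNTRACK, "192.0.2.10"))
```

On a real UTM the access-log lines would come from the mail server's web log (or the UTM's web server protection log if that is in front of it) and the conntrack lines from `conntrack -L` on the firewall; if anything other than 443 shows up in the second list, a NAT rule exists that the question says should not.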