Small Business Server 2011 Essentials (SBS 2011 Essentials) is a little different from previous versions of SBS that we’ve all come to know and appreciate. SBS 2011 Essentials does not have an on premise mail server, or Sharepoint Companyweb. As a result it requires fewer ports open than SBS 2011 Standard or previous versions of SBS.
If you have a uPnP router then all the hard work is done for you by the Internet Address Management Wizard that you run during configuration of the server. It will automatically open port 80 and 443 which is all you need.
If however you are like me and want to control the router/firewall directly then you will need to manually configure the following ports to be open and forwarded to your SBS 2011 Essentials server.
Port 80 – does NOT need to be open at all in reality. It’s there to provide an easy redirect for our users when they go to access the Remote Web Access feature of SBS 2011 Essentials. Having this port open allows the user to type in remote.mycompany.com into a web browser which will then go direct to our server. The server will immediately redirect the user to https://remote.mycompany.com/remote so that all traffic is encrypted. You can safely close this port to reduce your attack profile but you will need to train your users to type in the full URL of https://remote.mycompany.com/remote. My advice is to train your users – put this URL on the back of a business card for them to make it easy to handle.
Port 443 – this is a mandatory one. This needs to be open and forwarded to your SBS 2011 Essentials server to allow access to the Remote Web Access website. All traffic over this connection is encrypted so it’s safe and secure. If this is not open then none of these functions will work outside your office.
That’s it really – SBS 2011 Essentials, due to it’s reduced on premise functionality requires fewer ports to be opened on your firewall and an easier configuration all round.
Thank you. Amazing that this is info isn’t clearly available in either the Remote Access setup wizard, or immediately easy to find on MS’ own help site that you are redirected to.
Everyone loves what you guys tend to be up too.
This type of clever work and coverage! Keep
up the fantastic works guys I’ve added you guys to blogroll.