aws-quickstart / quickstart-microsoft-exchange

AWS Quick Start Team
Apache License 2.0

Edge Subscription - request to change firewall on port 50636 from UDP to TCP #26

Open rosenbluh opened 4 years ago

rosenbluh commented 4 years ago

Edge subscriptions are failing because we are allowing only UDP but the edge subscription relies on secure LDAP which is TCP. Only UDP packets are allowed by the security group.

Could you please change udp to tcp in the templates?

Thanks.

templates/exchange-old.template - lines 2982-2986

                    "IpProtocol": "udp",
                    "FromPort": "50636",
                    "ToPort": "50636",
                    "CidrIp": {
                        "Ref": "PrivateSubnet1CIDR"

templates/exchange.template - lines 1760-1781

EXCHEdgeSecurityGroup:
    Condition: DeployEdge
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable communications for Exchange Edge Transport Servers
      VpcId: !Ref VPCID
      SecurityGroupIngress:
      - Description: Edge Server directory synchronization
        IpProtocol: udp
        FromPort: 50636
        ToPort: 50636
        CidrIp: !Ref PrivateSubnet1CIDR
      - Description: Edge Server directory synchronization
        IpProtocol: udp
        FromPort: 50636
        ToPort: 50636
        CidrIp: !Ref PrivateSubnet2CIDR
      - Description: Edge Server directory synchronization
        IpProtocol: udp
        FromPort: 50636
        ToPort: 50636
        CidrIp: !Ref PrivateSubnet3CIDR
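
As an added example (not part of this issue or the Quick Start's own code), a small check that walks a CloudFormation template in JSON form, flags every security group ingress rule covering port 50636 whose protocol is not TCP, and produces a corrected copy; the embedded template is a constructed sample modelled on the EXCHEdgeSecurityGroup fragment above, not the repository's actual file.

```python
import copy

# Constructed sample modelled on the EXCHEdgeSecurityGroup resource quoted in
# this issue (JSON form of the template); not the repository's actual file.
SAMPLE_TEMPLATE = {"Resources": {"EXCHEdgeSecurityGroup": {
    "Type": "AWS::EC2::SecurityGroup",
    "Properties": {
        "GroupDescription": "Enable communications for Exchange Edge Transport Servers",
        "SecurityGroupIngress": [
            {"Description": "Edge Server directory synchronization", "IpProtocol": "udp",
             "FromPort": "50636", "ToPort": "50636", "CidrIp": {"Ref": "PrivateSubnet1CIDR"}},
            {"Description": "Edge Server directory synchronization", "IpProtocol": "tcp",
             "FromPort": "50636", "ToPort": "50636", "CidrIp": {"Ref": "PrivateSubnet2CIDR"}},
        ]}}}}

EDGESYNC_PORT = 50636        # EdgeSync talks secure LDAP to the Edge server on this port
EXPECTED_PROTOCOL = "tcp"    # LDAPS is TCP; a udp-only rule silently breaks the subscription


def find_edgesync_rules(template):
    """Yield (resource name, rule index, rule) for every ingress rule covering 50636."""
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for idx, rule in enumerate(res.get("Properties", {}).get("SecurityGroupIngress", [])):
            try:
                lo, hi = int(rule.get("FromPort")), int(rule.get("ToPort"))
            except (TypeError, ValueError):
                continue  # ports given via !Ref/!Sub cannot be evaluated statically
            if lo <= EDGESYNC_PORT <= hi:
                yield name, idx, rule


def find_wrong_protocol(template):
    """Return [(resource, index, protocol)] for 50636 rules that are not TCP."""
    return [(name, idx, rule.get("IpProtocol")) for name, idx, rule in find_edgesync_rules(template)
            if str(rule.get("IpProtocol", "")).lower() != EXPECTED_PROTOCOL]


def fix_protocol(template):
    """Return a deep copy of the template with every 50636 rule switched to TCP."""
    fixed = copy.deepcopy(template)
    for _, _, rule in find_edgesync_rules(fixed):
        rule["IpProtocol"] = EXPECTED_PROTOCOL   # rule is a reference into the copy
    return fixed


if __name__ == "__main__":
    for res, idx, proto in find_wrong_protocol(SAMPLE_TEMPLATE):
        print(f"{res}: ingress rule {idx} opens 50636 over {proto!r}, EdgeSync needs tcp")
```

To check a real template, replace SAMPLE_TEMPLATE with the result of json.load() on the JSON file; the YAML variant with !Ref tags needs a YAML loader that tolerates CloudFormation intrinsic tags.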

rosenbluh commented 4 years ago

I just figured out how to create a pull request.

https://github.com/aws-quickstart/quickstart-microsoft-exchange/pull/28