Exchange and network ports

Q: Can network ports be restricted between Exchange servers within an environment?

A: No. Restricting network traffic between Exchange servers in the same organization is not supported.

We continue to receive questions about putting firewalls between Exchange servers. It's a bad idea, so don't do it. However, if your security team says you must, we do have guidance available:

https://blogs.technet.microsoft.com/exchange/2013/02/18/exchange-firewalls-and-support-oh-my/

The short answer is: allow an 'any/any' rule between the Exchange servers. If the security team asks which ports you need, the answer is the full dynamic range, 1024-65535, because Exchange negotiates RPC ports at run time rather than using a fixed list.
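If you are forced to put a host firewall or a filtering device between Exchange servers, the following is an added example (not from the original post or the Exchange team) of what the 'any/any' rule looks like in Windows Firewall, scoped to the peer Exchange servers' addresses rather than to a port list, together with a check that no port filter has crept into the rule. The addresses are hypothetical; replace them with the other Exchange servers in your organization.

```powershell
# Added example, not from the original post. The addresses below are
# hypothetical placeholders for the other Exchange servers in the organization.
$ExchangePeers = @('10.0.10.11', '10.0.10.12', '10.0.10.13')

# One inbound and one outbound rule, any protocol, any port, scoped only to
# the peer Exchange servers. -Protocol Any means nothing is filtered by port,
# which is what the dynamic RPC port allocation requires.
foreach ($dir in 'Inbound', 'Outbound') {
    New-NetFirewallRule -DisplayName "Exchange Peers Any/Any ($dir)" `
        -Group 'Exchange Server-to-Server' `
        -Direction $dir -Action Allow -Protocol Any `
        -RemoteAddress $ExchangePeers -Profile Any -Enabled True
}

# Check: list the rules in the group with their protocol, port and address
# scope, so you can confirm every peer is covered and no port restriction
# was added by someone "tightening" the rule later.
Get-NetFirewallRule -Group 'Exchange Server-to-Server' | ForEach-Object {
    $addr = $_ | Get-NetFirewallAddressFilter
    $port = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Direction     = $_.Direction
        Protocol      = $port.Protocol      # expect 'Any'
        LocalPort     = $port.LocalPort     # expect 'Any'
        RemoteAddress = ($addr.RemoteAddress -join ', ')
    }
} | Format-Table -AutoSize

# Check from this server that the RPC endpoint mapper (TCP 135) on a peer is
# reachable. Reaching 135 alone is not enough: the dynamic ports that Exchange
# negotiates through it must be open too, which is why the rule above is
# scoped by address instead of by port.
Test-NetConnection -ComputerName $ExchangePeers[0] -Port 135
```

Scoping the rule by remote address keeps the 'any/any' requirement from becoming an 'any/any from anywhere' rule; the filter is on which hosts may talk, not on which ports they use.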

Do some customers successfully limit port traffic between production Exchange servers? Yes. It is still not advised, and it is not supported. That's not to say support wouldn't try to help on a best-effort basis if you have an issue. But Exchange server architecture is simply not designed to operate with network traffic blocked on any port between on-premises Exchange servers within an organization.

So just don’t do it.

Mike