Firewall Requirements for Exchange Hybrid with Office 365

Updated on 19 Jun 2015

It is critical that an on premise environment be prepared before establishing an Exchange hybrid configuration with Office 365. Firewall settings are the key to ensuring proper communication for federation and mail flow.

Below are some excellent references to help with accomplishing the required firewall rules for an Exchange hybrid configuration.

*It is important to understand that if a firewall is configured only to allow a specific range of IP addresses for inbound SMTP traffic that we use the correct list of IP addresses when implementing a hybrid configuration with Office 365. The experience today with the previous list that was being used was not allowing the Office 365 validation tool for the outbound connector to connect to the customer’s on premise Exchange server–as well as not allowing Office 365 originated mail to be delivered to the on premise organization. After contacting Office 365 support, they provided this list of IPs (which is essentially the same but different with IP addresses for EOP) to configure on the firewall. Once the firewall rules were updated, mail started flowing from Office 365 to the on premise environment.

If the firewall rules aren’t configured with the proper IP addresses, this error may appear in a message trace on an item pending delivery…

Reason: 450 4.4.101 Proxy session setup failed on Frontend with  '441 4.4.1 Error encountered while communicating with primary target IP address: "Failed to connect. Winsock error code: 10061, Win32 error code: 10061." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.

This is a screenshot of the message trace…

Firewall Issue 1 - Message Trace

Also, if the firewall isn’t configured properly, the connector validation will fail…

Firewall Issue 2 - Validation

Advertisements

One thought on “Firewall Requirements for Exchange Hybrid with Office 365

  1. Pingback: Firewall Requirements for Exchange Hybrid with Office 365 | ODDYTEE | JC's Blog-O-Gibberish

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s