Hello, I am testing a new Exchange 2013 deployment that is using database availability groups. Our topology is we have two hub locations with a CAS and Mailbox Server in each for site resilience and a file share witness in a third site. In testing by simulating
failovers, both automatic and manual, our experience so far is overall positive with one exception. We have a software firewall (Symantec Endpoint Protection) and it is causing a lot of issues for the cluster. What I am noticing is that the virtual cluster
adapter is sending over traffic using an IPv6 link-local address. That address seems subject to change, so I tried to unblock the traffic by the MAC address, which also appears to be subject to change. The software I'm using doesn't allow unblocking based on
IPv6 specific addresses and now that I can't use the MAC to unblock I'm kind of stuck. I'm reluctant to disable IPv6 as that is against recommendation. It seems that Exchange is simply not friendly with firewalls at all and I'm getting a little frustrated
trying to secure it. So far, the best I can come up with is to just find the specific ports involved but allow them from all hosts and to all adapters. Does anyone else have experience that they can share with me on how you've secured your Exchange servers
in a site resilient cluster scenario? Thank you in advance for your time!