Zachary Loeber

I eat complexity and am never without a meal.

Exchange 2010: Automated Firewall Rule Generation

A single-site, or even a dual-site, Exchange 2010 deployment does not usually require too much internal firewall manipulation. But if you have to set up an Exchange 2010 environment where there are many global sites or a heavily segmented network, the number of firewall requests required to get a fully functioning configuration working can be daunting. Wouldn’t it be nice to have some of those firewall rules automatically generated for you?

Here is a quick PowerShell script I put together while on vacation to accomplish such a task.

ExchangeEnvironment.csv is a fictitious 2010 environment with three sites: one has Edge servers, and the other two go through a third-party antispam vendor (I used MessageLabs as an example).

FirewallRules.csv is self-explanatory: it contains a tabular list of all the firewall requirements for all roles in an Exchange environment. I’ve connected with Michel de Rooij over at Eightwone to go over this for accuracy, so this may be updated very soon.

Firewall-request.csv is the example output when the script is run as is.

GenerateFirewallRules.ps1 is the hacked-together script that takes the two input files and spits out our firewall-request.csv file.
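To make the join between the two inputs concrete, here is an added sketch that is not the GenerateFirewallRules.ps1 script from this post. It pairs servers by role against a small rule table and emits one narrowly scoped request row per source/destination pair. The column names, server names, the `Scope` field, the `New-FirewallRequest` function, and the output file name are all assumptions for illustration, and it needs PowerShell 3.0 or later for `[pscustomobject]`.

```powershell
# Constructed sample inventory; column names are assumptions, not the real ExchangeEnvironment.csv layout.
$servers = @'
Server,Site,Role,IP
NYHUB01,NewYork,Hub,10.1.1.10
NYCAS01,NewYork,CAS,10.1.1.20
NYMBX01,NewYork,Mailbox,10.1.1.30
NYEDGE01,NewYork,Edge,192.168.1.10
LDHUB01,London,Hub,10.2.1.10
LDMBX01,London,Mailbox,10.2.1.30
'@ | ConvertFrom-Csv

# Illustrative subset of role-to-role rules. Scope (hypothetical): SameSite or Any.
$rules = @'
SourceRole,DestRole,Protocol,Port,Scope,Purpose
Hub,Hub,TCP,25,Any,SMTP between Hub Transport servers
Hub,Edge,TCP,25,SameSite,SMTP from Hub to Edge
Edge,Hub,TCP,25,SameSite,SMTP from Edge to Hub
Hub,Edge,TCP,50636,SameSite,EdgeSync (secure LDAP)
'@ | ConvertFrom-Csv

function New-FirewallRequest {
    param($Servers, $Rules)
    foreach ($rule in $Rules) {
        foreach ($src in ($Servers | Where-Object { $_.Role -eq $rule.SourceRole })) {
            foreach ($dst in ($Servers | Where-Object { $_.Role -eq $rule.DestRole })) {
                if ($src.Server -eq $dst.Server) { continue }   # never request a rule to self
                if ($rule.Scope -eq 'SameSite' -and $src.Site -ne $dst.Site) { continue }
                [pscustomobject]@{
                    Source = $src.Server; SourceIP = $src.IP
                    Destination = $dst.Server; DestinationIP = $dst.IP
                    Protocol = $rule.Protocol; Port = $rule.Port; Purpose = $rule.Purpose
                }
            }
        }
    }
    # Exception case: a site with a Hub but no Edge relays through the antispam vendor.
    foreach ($hub in ($Servers | Where-Object { $_.Role -eq 'Hub' })) {
        $hasEdge = $Servers | Where-Object { $_.Site -eq $hub.Site -and $_.Role -eq 'Edge' }
        if (-not $hasEdge) {
            [pscustomobject]@{ Source = $hub.Server; SourceIP = $hub.IP
                Destination = 'VENDOR-RELAY'; DestinationIP = '<vendor-range placeholder>'
                Protocol = 'TCP'; Port = 25; Purpose = 'Outbound SMTP to antispam vendor' }
        }
    }
}

New-FirewallRequest -Servers $servers -Rules $rules |
    Export-Csv -Path .\firewall-request-example.csv -NoTypeInformation
```

Each output row names a single source, destination, protocol and port, so the request can be reviewed line by line. The vendor row carries a placeholder that has to be filled in from the vendor's published ranges.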

The areas which I’ve probably not fleshed out so much are where there are exceptions. I tried to think of as many as possible though. Let me know what you think.