Question : Controlling Exchange 2010 port usage + some mythbusting

Hello,

We've recently set up an Exchange 2010 server. Exchange has a lot of documentation on what ports must be opened, but some ports (which seem to be dynamic) that are blocked when users connect via VPN  are not covered by any documentation I have found so far.

Is there some simple way to tell Exchange 2010: I want you to use port X, Y and Z, and nothing else - ever? And can this be done without sending a 10-page e-mail to all users telling them how to configure their system?

We've also experimented with Outlook Anywhere. This works with VPN (and without) - nothing blocked.

Can anyone confirm/bust the following myths?

Myth #1: Using Outlook Anywhere on a portable (or desktop) computer that connects both to LAN and WAN, makes Outlook a lot slower, especially when on LAN.

Myth #2: Using Outlook Anywhere increases the load on the server.

Myth #3: Outlook Anywhere is a huge security risk

My big dream as the firewall admin in the house, is of course a solution that uses only one port and runs fast, and requires no manual changes on the user side :)

This again leads to the final question:

What is the best way to make all clients use Outlook Anywhere without sending the before mentioned 10-page email with pictures explaining where to click and what to type? Group Policy or can this be set somewhere on the Exchange server? (http is checked by default on most clients for some reason, but we need to check the "use http on fast networks" on all clients to make Outlook Anywhere work.

Answer : Controlling Exchange 2010 port usage + some mythbusting

1#  Busted...when at the LAN location Outlook Anywhere is not used.    

2#  Busted...Outlook connects over SSL does not put a extra load.    

3#  Busted.... it uses SSL...same type of certs that you use to access online bank accounts...

If you have Outlook 2007 or 2010 you can use autodiscover to auto config the profile