Viviana Checa

Exchange 2016 with Static NAT Can't communicate with AD through firewall R80.10

Discussion created by Viviana Checa on Jun 7, 2018
Latest reply on Jun 15, 2018 by Vladimir Yakovlev

Hi guys,

It is good to hear from you. I have an issue with communications between Exchange 2016 on the DMZ with Static NAT and Active Directory on the Internal Network.

The tests made are as follows:

1) The Exchange 2016 (with Hide NAT) communicates successfully with Active Directory on the Internal Network. This means, for example, that the service Microsoft Exchange Active Directory Topology on the Exchange 2016 Server runs well and starts as an automatic service with no issues.

2) The Exchange 2016 (with Static NAT) cannot communicate with Active Directory on the Internal Network. This means the service Microsoft Exchange Active Directory Topology on the Exchange 2016 Server does not start automatically; then it is forced to start and I got an error: "The Microsoft Exchange Active Directory Topology service on Local Computer started and then stopped. Some services stop automatically if they are not in use by other services or programs"

Drops in the logs:

ldap traffic dropped from Exchange DMZ to AD Reason: TCP packet out of state: Server to client packet of an old TCP connection

TCP_3268 traffic dropped from Exchange DMZ to AD Reason: TCP packet out of state: Server to client packet of an old TCP connection

Check Point Support recommended setting the TCP Session Timeout from 3600 to 7200, but it did not work. The service Microsoft Exchange Active Directory Topology still does not run.

Have you seen this issue?

I would appreciate your valuable comments to fix it!

Greetings

Viviana
