Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

Reply
Contributor
Posts: 20
Registered: ‎11-03-2008
My Device: Not Specified

Blackberry Pro behind ISA 2000 - Port 3101 Blocked

Hello all,

 

I'm installing Blackberry Professional on our SBS 2003 server. It has ISA 2000 (I think SP2) and Exchange 2003 on it. The problem that I am having is that ISA is blocking the Blackberry Software from communicating to the outside on port 3101 (TCP). The Blackberry guide says that it only needs to initiate an outbound connection on port 3101 (TCP).

 

In ISA I have set up the following Packet Filter:

 

Allow

Direction: Out

TCP

Local Port: 3101 (Fixed)

Remote Port: All Ports

 

I also have a protocol rule, which allows all IP traffic from our internet users and the account that is used by Blackberry.

 

Still having no luck connecting. The Packet Filter Log shows that it's communication is still being blocked.

 

Here are the entries from the packet filter log that show's it's being blocked.

 

PFlogDate PFlogTime SourceAddress DestinationAddress Protocol Param#1 Param#2 TcpFlags FilterRule Interface IPHeader Payload SQLserverDateTime ----------------------- ----------------------- ------------------------- ------------------------- -------- -------- -------- --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ---------------- ------------------------- --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ----------------------- 2008-11-03 00:00:00.000 1899-12-30 09:32:33.000 192.168.1.2 204.187.87.33 Tcp 34402 3101 - BLOCKED 192.168.1.2 - - 2008-11-03 09:32:33.503 2008-11-03 00:00:00.000 1899-12-30 09:32:27.000 192.168.1.2 204.187.87.33 Tcp 34402 3101 - BLOCKED 192.168.1.2 - - 2008-11-03 09:32:27.503 2008-11-03 00:00:00.000 1899-12-30 09:32:12.000 192.168.1.2 206.51.26.33 Tcp 34402 3101 - BLOCKED 192.168.1.2 - - 2008-11-03 09:32:12.503 2008-11-03 00:00:00.000 1899-12-30 09:32:06.000 192.168.1.2 206.51.26.33 Tcp 34402 3101 - BLOCKED 192.168.1.2 - - 2008-11-03 09:32:06.503

 

Any help would be greatly appreciated.

 

Thanks.

Contributor
Posts: 11
Registered: ‎05-31-2008
My Device: Not Specified

Re: Blackberry Pro behind ISA 2000 - Port 3101 Blocked

The firewall needs to be able to receive on 3101 as well. It should be set to outbound initiated bi-directional communication. Even though it can send to the bb infrastructure it cannot receive.

 

Hope this helps!

Forums Veteran II
Posts: 2,744
Registered: ‎04-01-2008
My Device: Bold

Re: Blackberry Pro behind ISA 2000 - Port 3101 Blocked

for reference:

 

KB03735 - Firewall and connection requirements for the BlackBerry Enterprise Server

------------------------------
If you've found a solution through a post; please mark it as a solution.
If someone's was particularly helpful, give them kudo's!.


Get busy living, or get busy dying.

http://blog.port3101.org/hdawg/
Contributor
Posts: 20
Registered: ‎11-03-2008
My Device: Not Specified

Re: Blackberry Pro behind ISA 2000 - Port 3101 Blocked

Thanks.  I meant to respond earlier.  I got it to work by creating packet filters for each of the ip masks, mentioned in the firewall guide, that allowed communication on all ports (outbound initiated).  I think it should still be secure since the communication is only allowed when it is connected to one of Blackberry's addresses.  Let me know if this should be ok.

 

Thanks for your help.