While the port reference is good for obtaining a high-level understanding of what Exchange is doing, many deployments then went on to deploy firewalls which blocked network traffic between Exchange servers, and from Exchange to Domain Controllers. This prompted the publication of Exchange, Firewalls, and Support… Oh, my! on the Exchange team blog. This is in addition to the support statement on TechNet, which says that network devices must not be configured to block this network traffic. That statement sits in the CAS section, but it applies to all roles.
How does this relate to Exchange 2013? The same support policy applies.
Network Ports For Clients And Mail Flow In Exchange 2013
There was a recent update to the TechNet documentation to include content on this topic. The very first item called out is that:
"We do not support restricting or altering network traffic between internal Exchange servers or between internal Exchange servers and internal Active Directory domain controllers in any and all types of topologies. If you have firewalls or network devices that could potentially restrict or alter this kind of network traffic, you need to configure rules that allow free and unrestricted communication between these servers (rules that allow incoming and outgoing network traffic on any port—including random RPC ports—and any protocol that never alter bits on the wire)."
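As an added example (not part of the original post or of Microsoft's documentation), the following PowerShell script checks from an Exchange 2013 server whether a firewall or other network device between it and its domain controllers is filtering traffic, which is exactly the configuration the support statement above rules out. The domain controller names and the port list are assumptions for illustration; the listed ports are well-known Active Directory services, but because the support statement requires all ports (including the dynamic RPC ports handed out by the endpoint mapper on 135) to be open, a clean result from this script is necessary but not sufficient to prove the environment is supported.

```powershell
# Added example, not from the original post: detect filtering between an
# Exchange 2013 server and its domain controllers. Run on the Exchange server.
# $DomainControllers and $Ports are assumed values for illustration only.

$DomainControllers = @('dc01.contoso.local', 'dc02.contoso.local')   # assumed names

# Well-known AD ports an Exchange server relies on. Port 135 is the RPC endpoint
# mapper, which hands out the "random RPC ports" the support statement mentions;
# those dynamic ports must be open as well and are not enumerated here.
$Ports = @(
    @{ Port = 53;   Name = 'DNS' },
    @{ Port = 88;   Name = 'Kerberos' },
    @{ Port = 135;  Name = 'RPC endpoint mapper' },
    @{ Port = 389;  Name = 'LDAP' },
    @{ Port = 636;  Name = 'LDAPS' },
    @{ Port = 3268; Name = 'Global Catalog' },
    @{ Port = 3269; Name = 'Global Catalog SSL' },
    @{ Port = 445;  Name = 'SMB' }
)

$Results = foreach ($dc in $DomainControllers) {
    foreach ($p in $Ports) {
        # Test-NetConnection (NetTCPIP module, Windows Server 2012 and later)
        # performs a TCP connect; TcpTestSucceeded is $false when the port is filtered.
        $t = Test-NetConnection -ComputerName $dc -Port $p.Port -WarningAction SilentlyContinue
        [pscustomobject]@{
            DomainController = $dc
            Port             = $p.Port
            Service          = $p.Name
            TcpOpen          = $t.TcpTestSucceeded
        }
    }
}

$Results | Format-Table -AutoSize

# Any unreachable port means a device in the path is restricting Exchange-to-AD
# traffic, which the TechNet support statement says is not supported.
$Blocked = @($Results | Where-Object { -not $_.TcpOpen })
if ($Blocked.Count -gt 0) {
    Write-Warning ("{0} port(s) unreachable: a device between Exchange and AD is filtering traffic, which is an unsupported configuration." -f $Blocked.Count)
    $Blocked | Format-Table -AutoSize
}
```

Run the script from each Exchange server in turn, since a rule that filters one server's traffic may not apply to another. The same loop can be pointed at the other Exchange servers in the organization to verify the server-to-server path the support statement also covers.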
The documentation demonstrates how clients and services connect to Exchange 2013. The excerpts below show external connectivity to CAS 2013.