We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

How should I configure the Email Security Gateway to forward ActiveSync traffic using the Port Forwarding feature?

  • Type: Knowledgebase
  • Date changed: 10 months ago
Solution #00003523

All Email Security Gateways, firmware versions 3.5 and above.

To be able to use ActiveSync with your mail server while you are forwarding mail from your firewall or router to your Email Security Gateway (rather than forwarding traffic directly to your mail server), you will need to forward several specific ports on the Email Security Gateway to your mail server. This solution assumes you are configuring your mobile device to sync with the external IP address that forwards to the Email Security Gateway, and you want to sync with the mail server behind the Barracuda. Just follow these steps:
  1. Change the SSL port that Barracuda uses to 444 on the Advanced > Secure Administration page (the default SSL port is 443). This means that in order to access the Email Security Gateway's web interface over HTTPS, you will need to use a URL like this:


    Where <IP> is the IP address of the Email Security Gateway.
  2. Make sure the Barracuda's web interface port is set to something other then port 80 on the Basic > Administration page (usually this is not an issue, because the default administration port is 8000).
  3. Go to the Advanced > Advanced Networking page and forward ports 80 and 443 (the required Microsoft ActiveSync ports) to your mail server. For example, to forward port 80 to your mail server, you would enter 80 as the Source Port, the IP address of your mail server as the Destination IP, 80 as the Destination Port, and click Add.

Additional ports may be required depending on the service being accessed.

Additional Notes:

The reason you need to change port 443 to port 444 is that the Email Security Gateway uses port 443 for HTTPS access. Otherwise, trying to use port 443 for HTTPS and port forwarding at the same time will cause a port conflict.


Here are some additional ports that may be required, depending on your Active Sync service:


990 (RAPI)

999 (Status)

5721 (DTPT)

5678 (Legacy Replication)

5679 (Handshake & Legacy Replication)

26675 (Airsync)

If any of these are needed, just configure them on the Advanced > Advanced IP Config page, as you did ports 80 and 443.

Link to This Page: