Okay, I got a phone call that the owner’s son at a customer site has picked up a BlackBerry Storm and is traveling across the country tomorrow and needs it configured. How do you do it? Like this:
All you need to do to get IMAPS (TCP Port 993) to work for external clients is create a TMG rule. You’ll want to use IMAPS only, not IMAP, so you’ll keep your email and credentials secure. Once you create the following rule in TMG, you can go to your cellular provider’s BIS site (http://bis.na.blackberry.com/html?brand=vzw for example) and drop your email address and password in. You’ll be setup in no time. By the way, the reason we’re not using the OWA interface for this is that RIM has not figured out how to get around the way TMG handles the OWA page. RIM’s support doc ID: KB04804 states that they can’t get through because of the CookieAuth.dll it puts in the Web address.
Example steps to create a new TMG Publishing Rule:
1. Create new “Non-Web Server Protocol Publishing Rule.”
2. Name it something similar to : Allow incoming email by publishing IMAPS Mail Server – “Your name here.”
As a side note, it is always good to sign your rules in TMG so you can track what is default and who created what.
3. Input your MSG Server IP address (or browse to it in the interface and it will put the IP in for you).
4. Under Selected Protocol choose IMAPS Server from the drop down menu.
5. Listen from External.
6. Select Finish.
For placement in the ISA, I mean Forefront Threat Management Gateway, Firewall Policy list, I placed right below the default “Allow incoming email
by publishing SMTP Mail Server” rule.
7. Select Apply and you’ll be ready to go with your IMAPS external clients.
Hope this helps save someone else the hours I spent figuring it out (don’t publish to the SEC server for example). 😉