Firewall rules for Microsoft ActiveSync

This discussion has a more recent version.
Jali Posts: 1,769 F-Secure Employee

This article provides information about the firewall rules needed for Microsoft ActiveSync. It also gives instructions on how to configure the firewall to allow Microsoft ActiveSync.

Microsoft ActiveSync uses the following applications for the communication:
  • Wcesmgr.exe
  • Wcescomm.exe
  • Rapimgr.exe

To configure the firewall, go to the Application Control settings and allow the above applications to act as a client and a server to allow connections between your computer and the mobile device.

Microsoft ActiveSync uses the following ports for the communication:
  • Inbound TCP:
    • 990
    • 999
    • 5678
    • 5721
    • 26675
  • Outbound UDP:
    • 5679

Make sure that these ports are not blocked before the dynamic Application Control rules in your firewall rule list. ActiveSync creates a private personal area network for the device and the virtual network adapter so you can limit open connections to this range.

Note: The connection might not work if the active firewall ruleset specifically denies something that ActiveSync needs. For example, the incoming TCP and UDP traffic is denied separately in home and mobile profiles before Application Control rules.