We're in the final phase of upgrading our Hybrid Exchange server 2013 environment to Exchange 2019 and are upgrading the send connector. Our Hybrid server only has a management functionality; all mailboxes are migrated to Exchange Online. The hybrid server is also our relay SMTP server for some products that aren't able to use authenticated submit.
Of course we use Access Control Lists (ACLs) to protect from unwanted traffic. So we let the hybrid server communicate to the internet on ports 25 and 587. But then we faced problems with connecting.
What happened? The dynamic port range for Exchange 2019 is different than on our 2013 hybrid servers. When we look with 'netsh int ipv4 show dynamicport tcp' we get this answer:
EX2013-HYB TCP 6005
EX2019-HYB TCP 49152
So the ACLs blocked the traffic because the range in the dynamic port range was out of bounds for that occasion. The EX2013 servers are legacy servers from when we had CAS/Mailbox/Transport Exchange servers, while we currently only maintain one Hybrid server for production and one for Test & Acceptance.
My question is now: Can we maintain the dynamic port range Exchange 2019 setup has set out of the box? (49152 - 65535) Or can we face problems with future updates that might set it back to 6005?
I've searched but couldn't find an official answer from Microsoft.