Exchange ActiveSync - Firewall Timeout

Since Exchange Server 2003 SP2 Microsoft has included Direct Push as a feature of ActiveSync. Direct Push simply keeps the device up to date as new content is ready to synchronise. ActiveSync Direct Push has been licenced or is supported on a wide range of platforms from devices to competing mail servers.

It’s pretty straight forward:

  1. The client sends a long standing HTTPS request to the server to notify the device if any items configured to synchronise change in the next 15 (heartbeat) minutes.
  2. If after 15 minutes no items change the server returns a HTTP 200 OK, the client wakes up and send a new HTTPS request.
  3. If there is an item change on the server within the heartbeat internal a response is sent to the client which triggers a synchronisation for the changed item.

If the firewall/network timeout is set lower than the 15 minute heartbeat this can result in clients sending HTTPS requests more frequently, increasing the wake up time and battery consumption.

For optimum performance you should look to have firewall timeout values set between 15-30 minutes, I often opt for the 30 minute mark. You will need to configure this on firewalls or proxies between your CAS and the internet.

I’m pretty sure any mobile operator will have a decent timeout value so shouldn’t present an issue, but in the early days of Direct Push and WM5.x + MSFP I do remember this causing problems.