Re: OWA connectivity



Some of those are extremely dangerous ports. What you're suggesting as a
secure proposal is opening up your entire Active Directory, Windows and
Exchange infrastructure to a host on your DMZ. That is foolish in the
opinion of myself and many, many others. Allowing SSL port 443 only to one
host on your intranet, preferably through a proxy server, is far more secure
and much easier to monitor and maintain.
--
Ed Crowley
MVP - Exchange
"Protecting the world from PSTs and brick backups!"

"T-Kay" <TKay@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4C1D431E-8081-4A7E-900B-AF16D437937A@xxxxxxxxxxxxxxxx
Exchange uses a different port to communicate with other Exchange servers.
Setting up an Exchange server in your DMZ will allow you to accept SMTP
port 25 traffic safely and only allow ports 691, 389, 3268, 88 from the
front end server towards the internal Exchange server and DC.

Allowing port 25 towards your LAN is asking for trouble.

I also understand you only worked with ISA server which, even though I
think ISA is a good product, I feel is not a true firewall and should be
used as a proxy server only.

Tom

"Ed Crowley [MVP]" wrote:

I'm extremely confident that I can tell you that your advice is contrary
to the opinion of the vast majority of Exchange MVPs for the reasons in my
other post among others.
--
Ed Crowley
MVP - Exchange
"Protecting the world from PSTs and brick backups!"

"T-Kay" <TKay@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:80C81209-F5C4-4E96-836E-0DA3907BF6CA@xxxxxxxxxxxxxxxx
Bryan,

Pointing directly to your internal mail server is not something I would
expect from a firewall professional. Your setup with a DMZ and a front end
OWA server is perfect. The reason for the connection problems could be any
number of things. First I would check your firewall logs to check
connectivity and rule out the possibility of a firewall misconfiguration.
I would need more information about your problem to be more helpful.

"Bryan" wrote:

I have recently been having trouble connecting to OWA. My configuration
has a front-end server in a DMZ that I was hitting for OWA but I was told
by my firewall vendor to change my rule to point directly to my back-end
box on my LAN. Is this recommended? Any idea why I would have occasional
trouble connecting to OWA when I was pointing to my front-end server?

Thanks.
--
Bryan




