Re: Need instructions on setting up single-server OWA

From: "Rich Matheisen [MVP]" <richnews@xxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 01 May 2007 22:19:46 -0400

"Joe Grover" <grover.joe@xxxxxxx> wrote:

OWA should be installed and operational by default in an Exchange 2003
deployment, so all you need is to have the ports open on your firewall.

It is recommended to have the front-end or proxy server in a DMZ because you
wouldn't generally want port 80 on your Exchange server open to the whole
world. For this reason it is suggested that you install a SSL certificate
on the box and only open port 443 in your PIX. Your users will need to use
https://yourservername/exchange to access OWA. If any of them piss and moan
about having to use SSL you can assure them that such a minor inconvenience
is far more preferable than the downtime the server would have should it be
compromised by some new port 80 exploit. :)

How is HTTP (port 80) different to HTTPS (port 443) w/r/t exploits?
SSL only goes as far as the transport layer in the IP stack. By the
time it hits the application (not the application layer) it's the same
no matter what you used to encrypt the channel. The only thing HTTPS
does for you is to prevent snooping on the data sent over the wire and
part way up the IP stack.

An ISA server can act as an application layer firewall. It inspects
the contents of each packet. A "regular" firewall that doesn't
terminate the SSL connection can't see what's inside those encrypted
packets.

--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@xxxxxxxxxxxxx
Or to these, either: mailto:h.pott@xxxxxxxxxxxxxxx mailto:melvin.mcphucknuckle@xxxxxxxxxxxxx mailto:melvin.mcphucknuckle@xxxxxxxxxxxxxxx
.

Follow-Ups:
- Re: Need instructions on setting up single-server OWA
  - From: Joe Grover
- Re: Need instructions on setting up single-server OWA
  - From: Joe Grover

References:
- Re: Need instructions on setting up single-server OWA
  - From: Joe Grover

Prev by Date: Can I set up a rule for all mailboxes?
Next by Date: Re: ActiveSync issues (one way sync) Treo 700w
Previous by thread: Re: Need instructions on setting up single-server OWA
Next by thread: Re: Need instructions on setting up single-server OWA
Index(es):
- Date
- Thread

Relevant Pages

Re: How to Maintain an IIS Server?
... > server running on a Windows 2000 server. ... before a firewall and antivirus have been installed]. ... open ports; however, this will not identify which program is using the port. ...
(microsoft.public.inetserver.iis.security)
Re: CEICW fails at firewall config
... ISA Server prevents connection to a remote desktop when you connect through ... Remote Web Workplace on a Windows Small Business Server 2003-based computer ... Acceleration Server as a firewall. ... connection uses TCP port 4125. ...
(microsoft.public.windows.server.sbs)
Re: How to Maintain an IIS Server?
... >> server running on a Windows 2000 server. ... > before a firewall and antivirus have been installed]. ... > program or executable using that port. ...
(microsoft.public.inetserver.iis.security)
Re: Activesync / Airsync - Alternative Ports
... Setup a reverse HTTP proxy. ... Another idea is to use the PPTP capabilities of a Windows Server to allow ... Satellite - Cisco Firewall - Exchange Server ... So on the server side you would configure the port 80 to redirect to ...
(microsoft.public.pocketpc.activesync)
Re: Activesync / Airsync - Alternative Ports
... "Chris De Herrera" wrote: ... Another idea is to use the PPTP capabilities of a Windows Server to allow ... Satellite - Cisco Firewall - Exchange Server ... So on the server side you would configure the port 80 to redirect to 8888 ...
(microsoft.public.pocketpc.activesync)