Re: MS EXchange behind NAT
- From: "Bharat Suneja" <bharatsuneja@xxxxxxxxxxx>
- Date: Wed, 31 Aug 2005 07:22:17 -0700
Replies inline.
--
Bharat Suneja
MCSE, MCT
--------------------------------
"Tekno" <Tekno@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4CC32186-20C6-423B-B4CC-9ECF4119E6CE@xxxxxxxxxxxxxxxx
> Thank you very much for your very useful, quick answer.
> I need more help please.
> Here is my situation:
> I work for a small company with 50-70 users, with only one Linux server
> for the business application, and one Windows Server 2003 as a Domain
> Controller, file server, DNS, and internal hosting only. We may add one
> more server as an Exchange server if we have to.
>
> Some questions regarding your 4 options:
>
> "Bharat Suneja" wrote:
>
>> Depends on your environment/security policy and concerns, and what you're
>> trying to accomplish.
>>
>> You can:
>> 1) open smtp on your firewall to internal Exchange. Most people are not
>> comfortable with that, though small companies typically end up doing
>> this.
>
> Open smtp on my firewall to internal exchange, does that mean open all
> ports needed by exchange? And use a private ip for the exchange server?

--- No, only smtp port 25 from internet to exchange server on internal
network. Exchange sits on the internal network, so yes, private ip for exchange.
Once again, not a very secure solution, but something small companies
frequently end up doing.

>> 2) Use a non-Exchange/non-domain member or linux/unix smtp box as smtp
>> gateway in your dmz, open smtp from Internet to that box in dmz, open smtp
>> from that particular box only to internal exchange bridgehead/mailbox
>> server. Very common.
>
> Is this a more secure solution than the other? Do I need to add antispam and
> antivirus in that linux smtp box? What critical things do I need for this
> setup?

-- Certainly more secure than #1. Don't *need* to add antispam and antivirus
to the gateway (linux or windows) smtp box, but it helps stop a lot of spam
and viruses from entering your network at all.
>
>> 3) Use ISA.
>
> How am I supposed to set up the ISA configuration? Behind the router
> firewall, can I set up ISA in the same box with the Exchange server and
> put the exchange server in a DMZ zone?

-- ISA would be dual-homed. Don't recommend setting up ISA on same box as
Exchange. (For a good small business solution check out SBS 2003).
>
>> 4) Use a hosted smtp service that does antispam/antivirus, allow only their
>> ip addresses to smtp to a dmz host, allow only dmz host to smtp to exchange
>>
> Is option #4 the best solution for me for security, and is it easy to
> configure?

-- Not very difficult, and perhaps more secure because the service
provider's smtp is exposed to the internet, and saves you the trouble of
setting up a smtp gateway in a dmz, and dealing with antispam and security
issues. The only issue here is recurring monthly cost.
>
>
>> You do not want to put an Exchange box in the dmz - will need to open a lot
>> of ports to talk to dcs/gcs/other exchange boxes. Typically Exchange is set
>> up on the internal network.
>>
>> --
>> Bharat Suneja
>> MCSE, MCT
>
>
> Once again thank you very much for your help.
>
> Tekno Budi
>
>
>
>> --------------------------------
>>
>> "Tekno" <Tekno@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:6FB6A421-1D7A-4BE5-B347-3AE05BAADF7C@xxxxxxxxxxxxxxxx
>> > Can I set up my MS Exchange Server 2003 behind NAT? Or should I put it in
>> > a DMZ zone? If I can use NAT without putting it in a DMZ, it will only
>> > work for internal email, won't it?
>> >
>> > Thanks.
>> > Tekno
>>
>>
>>
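
Options 2 and 4 in this thread reduce to a short list of allow rules, which can be checked mechanically. The following is an added example, not part of either poster's message: the addresses, the rule format and the `audit` function are constructed assumptions, and it generalizes slightly by flagging any Internet-to-internal or DMZ-to-internal path other than relay-to-Exchange on tcp/25.

```python
from ipaddress import ip_network

# Constructed addressing plan (assumptions, not from the thread).
INTERNAL = ip_network("10.0.0.0/24")      # internal LAN
DMZ = ip_network("192.0.2.0/24")          # DMZ segment
RELAY = ip_network("192.0.2.25/32")       # SMTP gateway in the DMZ
EXCHANGE = ip_network("10.0.0.10/32")     # Exchange server on the LAN
SMTP = 25

def audit(rules, allowed_senders="0.0.0.0/0"):
    """Check (src_cidr, dst_cidr, tcp_port) allow rules for inbound mail paths.

    allowed_senders: who may reach the relay. Leave as "any" for option 2,
    set it to the hosted service's range for option 4.
    Returns a list of (rule, reason) findings; an empty list means compliant.
    """
    senders = ip_network(allowed_senders)
    findings = []
    for rule in rules:
        src, dst, port = ip_network(rule[0]), ip_network(rule[1]), rule[2]
        # "outside" = source is not wholly inside the LAN or the DMZ.
        outside = not (src.subnet_of(INTERNAL) or src.subnet_of(DMZ))
        if outside and dst.overlaps(INTERNAL):
            findings.append((rule, "Internet reaches internal network directly"))
        elif outside and dst.overlaps(DMZ):
            if dst != RELAY or port != SMTP:
                findings.append((rule, "Internet to DMZ must be tcp/25 to the relay only"))
            elif not src.subnet_of(senders):
                findings.append((rule, "source is wider than the allowed senders"))
        elif src.subnet_of(DMZ) and dst.overlaps(INTERNAL):
            if (src, dst, port) != (RELAY, EXCHANGE, SMTP):
                findings.append((rule, "DMZ to internal must be relay to Exchange tcp/25 only"))
    return findings

# Constructed rule sets for the layouts discussed in the thread.
OPTION_1 = [("0.0.0.0/0", "10.0.0.10/32", 25)]
OPTION_2 = [("0.0.0.0/0", "192.0.2.25/32", 25), ("192.0.2.25/32", "10.0.0.10/32", 25)]
# Option 2 plus a broad DMZ-to-LAN rule, the kind an Exchange box in the DMZ would need.
SLOPPY = OPTION_2 + [("192.0.2.0/24", "10.0.0.0/24", 389)]
# Option 4 with a constructed provider range.
OPTION_4 = [("198.51.100.0/24", "192.0.2.25/32", 25), ("192.0.2.25/32", "10.0.0.10/32", 25)]

if __name__ == "__main__":
    for name, rs in [("option 1", OPTION_1), ("option 2", OPTION_2), ("sloppy", SLOPPY)]:
        print(name, audit(rs))
```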