Re: OWA placement



Thanks for the reply..We have ISA 2004 EE servers in the DMZ for web
publishing (between PIX firewalls)
Internet
PIX (outside)
ISA 2004 (not members of internal domain)
PIX (inside)
Internal network (AD, Exchange, OWA)

If I use ISA OWA publishing, what ports on the inside PIX do I need to open?



"Bharat Suneja [MVP]" <bharatsuneja@xxxxxxxxxxx> wrote in message
news:uU4IbUZ4GHA.3604@xxxxxxxxxxxxxxxxxxxxxxx
Recommended on the inside network with mailbox servers - locating them on
perimeter networks (aka "DMZ") will involve opening enough ports from FEs
to the internal network (DCs/GCs/Exchange/DNS servers) to make your
firewall look like swiss cheese.

SSL VPN appliances like Whale's e-Gap (now part of Microsoft) provide a
highly secure way of publishing applications like OWA to the internet,
should your security policies require it.
--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
www.exchangepedia.com/blog
----------------------------------------------


"Nathan" <caseynathan@xxxxxxxxxxx> wrote in message
news:OgrWc2Y4GHA.4976@xxxxxxxxxxxxxxxxxxxxxxx
Should the OWA servers be in the DMZ or the inside network with the
mailbox servers?






.



Relevant Pages

  • [fw-wiz] RE: PIX v7: routing without NAT
    ... Create another private network and assign it to your inside interface ... for the servers that need access to it from the internet. ... servers behind my PIX 515E to use the public IP ...
    (Firewall-Wizards)
  • Re: OWA placement
    ... PIX ... Internal network (AD, Exchange, OWA) ... If I use ISA OWA publishing, what ports on the inside PIX do I need to ... highly secure way of publishing applications like OWA to the internet, ...
    (microsoft.public.exchange.design)
  • Re: [fw-wiz] Question about a Cisco PIX 515 - Routing question (I think)
    ... The PIX accepts the ... packet from the Internet, changes the addressing to map the ... It may be easier to get the servers ...
    (Firewall-Wizards)
  • RE: Windows Server 2003 DNS behind a Cisco PIX firewall... help!
    ... > - Users outside on the public internet can see our servers just fine. ... My secondary DNS server can not load the zone information from the ... check access rules or NAT translation on PIX, can you, for example, ping ...
    (microsoft.public.windows.server.dns)
  • RE: IIS6 Security and other web servers
    ... IIS6 Security and other web servers ... I know of no Windows architecture that is exposed directly to ... I know of a number of LAMP-type servers that are ... exposed directly to the Internet with no intervening layers. ...
    (Security-Basics)