Re: New to ISA2004 and FE Exchange 2003

From: "Mark Arnold [MVP]" <mark@xxxxxxxx>
Date: Sat, 19 Aug 2006 10:05:36 +0100

You should have read the scenario guide before posting a response.
Since you havent't:
Exchange in a DMZ requires a number of ports open between the DMZ and
the internal network, ports that go to Domain Controllers. Now, do you
want me to go on about how undesirable that is?

The options are to simply put the FE on the internal network and only
publish TCP443 to it. An alternative is to use an ISA server and not
actually have an FE.

I would encourage you to read the documnent and compare it to what you
already have and how you would like to operate.
.

References:
- Re: New to ISA2004 and FE Exchange 2003
  - From: Mark Arnold [MVP]

Prev by Date: configure external DNS
Next by Date: Virtual SMTP servers folder are created on c: as default
Previous by thread: Re: New to ISA2004 and FE Exchange 2003
Next by thread: Basic setup question from the Exchange challenged.
Index(es):
- Date
- Thread

Relevant Pages

Re: Protecting an Exchange server?
... >internal network and place some kind of email appliance on our DMZ to ... It's not an appliance, per se, but pretty close. ... >appliance out on the Internet and my Exchange server behind the firewall on ... the box on the DMZ. ...
(Security-Basics)
Re: Deploying microsoft exchange 2003
... Not recommended in the DMZ - it typically sits on your internal network, ... I haven't worked before with microsoft exchange but now, ... DMZ or inside. ... some clients in the external network. ...
(microsoft.public.exchange.design)
Re: Unable to join AD domain from DMZ network
... > the captured traffic between the server in DMZ to the DC from internal ... >> unless you lock it down to a specific port. ... >>> authentication from DMZ to 2003 AD internal network. ...
(microsoft.public.windows.server.active_directory)
Re: [SLE] SuSEfirewall2 logging
... That alleviates one response. ... DMZ and my internal network: ... FW-ACCEPT messages for are the responses from port 800 in my DMZ back to ... traffic, or that it's a low port, but I also have this rule for printing ...
(SuSE)
RODC deployment in DMZ,
... I am in the middle of migration AD and Exchange. ... The client is asking if RODC is supported in DMZ. ... I am not able to locate any information so far if MS is supporting the RODC ... with limited risk towards your internal network when the box gets ...
(microsoft.public.windows.server.active_directory)