Re: FE-BE configuration
From: Gabe Matteson (gmatteson_at_inquery.biz.nospam)
Date: 02/22/05
- Next message: Gabe Matteson: "Re: message tracking log"
- Previous message: Gabe Matteson: "Re: Message Tracking Problem"
- In reply to: rocibh: "Re: FE-BE configuration"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 22 Feb 2005 14:04:52 -0500
I think the cheapest and easiest solution would be to install an SMTP
gateway in your DMZ that handles all inbound and outbound mail (may include
virus scanning or spam filtering as options) and have it forward email to
your single exchange server on your LAN, that way you do not allow inbound
traffic from the internet to hit your mail server without first being
scanned for viruses or spam (offloading resources to the smtp gateway rather
than having your mail server process this) if you don't have an smtp gateway
solution, you can just install IIS SMTP on the dmz server and harden the OS.
- GM
"rocibh" <rocibh@discussions.microsoft.com> wrote in message
news:EE83FDFF-182C-4E38-82BE-B3D166DA97FA@microsoft.com...
> Thanks for your replay,
> do you mean that best options (configuration) for me is :
> move my existing mail server in local network, in my dmz install ISA, and
> publish exchange server. What is about cisco 515 PIX firewall.It's my
> primary
> firewall.How configure pix and iSA,please if you now anything about tell
> me.I
> can't find anything about cisco pix confuguration in case like mine on
> microsoft.com.
>
> Best regards,
>
>
> "Mark Arnold [MVP]" wrote:
>
>> On Thu, 17 Feb 2005 06:25:03 -0800, rocibh
>> <rocibh@discussions.microsoft.com> wrote:
>>
>> >In my company i have exchange 2000 enterprise server in DMZ.I have cisco
>> >515
>> >PIX firewall between my intranet,DMZ end Internet.
>> >I want to install another exchange 2000 server in my local LAN as
>> >back-end
>> >server, my existing exhange become front-end server.How can i configure
>> >that,move all mail box to new e-mail server (in lan), configure PIX to
>> >allow
>> >this comunication,... How can I configure without any changes on local
>> >client
>> >because they have configure outlook for exchange in my DMZ (it become
>> >front-end server).If configuration is possble please tell me about that
>> >,
>> >your expiriences, some link ,....
>> >Soon i plan to upgrade my domain on win2003 , end install exchange2003
>> >enterprise
>> >thanks,
>> >Best Regards
>>
>> There are a couple of things to understand here.
>> Exchange FE in a DMZ is not a recommended configuration. The
>> reccomended configuration is to use an ISA between two firewalls or an
>> ISA in a DMZ. Either way your FE and BE servers are on the LAN. There
>> are other supported configurations there but they aren't important
>> right now.
>>
>> So, assuming you must have an FE server, which is by no means
>> essential since you can easily use an ISA and then publsh the single
>> Exchange server, you will have problems and wasted cash with what you
>> propose to do.
>> Exchange 2000 FE servers require Exchange Enterprise Edition ($$$$$)
>> but Exchange 2003 FE servers can use Exchange Standard ($300)
>>
>> I would suggest more reading on microsoft.com/exchange before making
>> that final decision.
>>
- Next message: Gabe Matteson: "Re: message tracking log"
- Previous message: Gabe Matteson: "Re: Message Tracking Problem"
- In reply to: rocibh: "Re: FE-BE configuration"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
