Firewall Wizards mailing list archives
RE: Exchange Questions
From: Russ <Russ.Cooper () rc on ca>
Date: Thu, 13 May 1999 14:27:12 -0400
Rex rote;
If I was setting up a DMZ, using Firewall-1, what advantage would there be if I put my Exchange server & Email connector outon the DMZ?
Why do you want it in your DMZ in the first place? Are you trying to do DirSync's with other offices across the 'net? Do you want to allow clients to use RPC connections to it from across the 'net? Given Exchange Server's lack of exploitable SMTP services (other than relaying which can be controlled), it would make more sense to me to put your Exchange Server behind your FW-1 box and avoid having to secure all those others NT thingies that you'd end up leaving dangling in your DMZ. The only time you run into problems with NT boxen and Firewalls, things that might encourage you/force you to put it in your DMZ, typically is when you need to do NetBIOS crappola across the open wilds of the Internet. Since this, very much, is a thing you want to avoid like the plague, I'd focus more on that than anything else. Using SecuRemote and FW-1<->FW-1 VPNs should avoid any NetBIOS left lingering in the wind if you need to do it, and Exchange Server RPC stuff can be mandated to specific ports if VPNs are out. Cheers, Russ - NTBugtraq Editor
Current thread:
- Exchange Questions Rex Murphy (May 13)
- <Possible follow-ups>
- RE: Exchange Questions Danny Walker (May 16)
- RE: Exchange Questions Russ (May 16)
- RE: Exchange Questions cschuttg (May 16)
- RE: Exchange Questions Frank W. Keeney (May 16)
- RE: Exchange Questions sean . kelly (May 17)
- RE: Exchange Questions Frank W. Keeney (May 17)
- RE: Exchange Questions Russ (May 18)
- RE: Exchange Questions Frank W. Keeney (May 18)