Firewall Wizards mailing list archives
Re: (no subject)
From: "Skip Frizzell" <skip () blindpanic com>
Date: Sun, 24 Nov 2002 10:55:50 -0500 (EST)
Rather than putting an Exchange server in the DMZ, why not put something that does just what you need? There is a lot of unnecessary overhead with Exchange when all you need is an MTA and a web server. That way, instead of taking an exposed box and making it a member of your network, you make it a stand-alone system (I don't believe you need user accounts since all it runs is the web page that connects to the Exchange server which is behind the firewall). Run an MTA such as Sendmail to catch the e-mail (also an excellent place to run the antivirus and anti-spam software) and pass it along to the Exchange server (only SMTP is required, rather than punching all the holes necessary to make a domain work across a firewall).

Or you can do it the lazy way that I did and simply forward all the necessary ports from your firewall back to the Exchange server. Send ports 25 and 80 back to the Exchange server and you have your functionality without spending the money on a server and licenses. Of course you give up some security by sending port 80 to the Exchange server; I would still create a second server (not part of the domain) to run your IIS on so that you have some protection if IIS gets hacked.

Let us know what you finally decide and how it works.

-=Skip
> Basically by putting the Exchange server in the LAN we can allow Outlook clients various public folder access within the LAN, plus a Domain Controller and Exchange setup on one machine. By placing the front-end Exchange box in the DMZ we can allow a public IP to be mapped to the internal Exchange box, thus allowing SMTP mail, HTTP access to an IIS server, and OWA. All of which are necessary.
>
> --- Skip Frizzell <skip () blindpanic com> wrote:
>
>> Hello Dean, instead of trying to implement the thing that someone told you to do we should first try and figure out what you want to do and discover the best way to do it. What do you hope to accomplish by putting an Exchange server in the DMZ?
>>
>> -=Skip
>>
>>> I've basically been told that we require an Exchange system operated within our DMZ setup. After much reading I've decided to go for a front-end, back-end Exchange system, with the Exchange front-end in the DMZ and the back-end in the LAN. However, even though I've opened up all the ports specified in MS' whitepapers between the DMZ and LAN, I cannot connect to the domain/active directory from the Front-End server. How do I go about this? I mean all I am trying at the moment is to connect to our internal Domain by accessing the network ID in the My Computer properties and trying typing in the Domain. Do I have to do anything else?! Sorry for my amateurishness(!) but we're a small firm and cannot afford a fully-fledged exchange specialist, thus I'm doing it!
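
One way to configure the stand-alone Sendmail relay described in the reply above, as an added example that is not part of the original messages: a sendmail.mc fragment, with the two map files it relies on shown in comments. The domain example.com and the address 192.0.2.10 for the internal Exchange server are placeholders.

```m4
dnl Added example: lines for the sendmail.mc of a stand-alone DMZ relay.
dnl example.com and 192.0.2.10 are placeholders for the mail domain and
dnl the internal Exchange server; substitute your own values.
dnl
dnl Route mail per domain instead of by MX lookup.
FEATURE(`mailertable')dnl
dnl Decide per domain what this host accepts and relays.
FEATURE(`access_db')dnl
dnl The SMTP mailers must be defined after the FEATURE lines.
MAILER(`smtp')dnl
dnl
dnl /etc/mail/mailertable
dnl   Hand everything for the domain to the Exchange server. The square
dnl   brackets tell sendmail to use the address as given, with no MX lookup.
dnl
dnl     example.com     esmtp:[192.0.2.10]
dnl
dnl /etc/mail/access
dnl   Accept mail addressed to the domain and relay it inward. Nothing
dnl   else is listed, so the host does not relay for other destinations.
dnl
dnl     To:example.com  RELAY
dnl
dnl Rebuild the maps after editing them:
dnl
dnl     makemap hash /etc/mail/mailertable < /etc/mail/mailertable
dnl     makemap hash /etc/mail/access < /etc/mail/access
dnl
dnl Firewall side: the only mail flow that has to be permitted from the
dnl DMZ to the LAN is TCP 25 from this relay to 192.0.2.10. The relay is
dnl not a domain member, so no directory or RPC ports are opened for it.
```

Inbound antivirus and anti-spam filtering, which the reply suggests running on this host, would be attached to this same relay before mail is handed to the Exchange server.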