Firewall Wizards mailing list archives

Re: (no subject)


From: "Skip Frizzell" <skip () blindpanic com>
Date: Sun, 24 Nov 2002 10:55:50 -0500 (EST)

Rather than putting an Exchange server in the DMZ, why not put something that does
just what you need? There is a lot of unnecessary overhead with Exchange when all
you need is an MTA and a web server.

That way, instead of taking an exposed box and making it a member of your network,
you make it a standalone system (I don't believe you need user accounts since all
it runs is the web page that connects to the Exchange server which is behind the
firewall). Run an MTA such as Sendmail to catch the e-mail (also an excellent place
to run the antivirus and anti-spam software) and pass it along to the Exchange
server (only SMTP is required, rather than punching all the holes necessary to make
a domain work across a firewall).

Or you can do it the lazy way that I did and simply forward all the necessary ports
from your firewall back to the Exchange server. Send ports 25 and 80 back to the
Exchange server and you have your functionality without spending the money on a
server and licenses. Of course you give up some security by sending port 80 to the
Exchange server; I would still create a second server (not part of the domain) to
run your IIS on so that you have some protection if IIS gets hacked.

Let us know what you finally decide and how it works.

     -=Skip

Basically by putting the Exchange server in the LAN we
can allow Outlook clients various public folder access
within the LAN, plus a Domain Controller and Exchange
setup on one machine. By placing the front-end
Exchange box in the DMZ we can allow a public IP to be
mapped to the internal Exchange box, thus allowing
SMTP mail, HTTP access to an IIS server, and OWA. All
of which are necessary.

--- Skip Frizzell <skip () blindpanic com> wrote:
Hello Dean, instead of trying to implement the thing that someone told
you to do we should first try and figure out what you want to do and
discover the best way to do it.

What do you hope to accomplish by putting an exchange server in the DMZ?

     -=Skip

I've basically been told that we require an Exchange system operated
within our DMZ setup. After much reading I've decided to go for a
front-end, back-end Exchange system, with the Exchange front-end in the
DMZ and the back-end in the LAN. However, even though I've opened up all
the ports specified in MS' white papers between the DMZ and LAN, I cannot
connect to the domain/active directory from the Front-End server. How do
I go about this? I mean all I am trying at the moment is to connect to
our internal Domain by accessing the network ID in the My Computer
properties and trying typing in the Domain. Do I have to do anything
else?! Sorry for my amateurishness(!) but we're a small firm and cannot
afford a fully-fledged exchange specialist, thus I'm doing it!
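
Added example (not part of the original messages): a small Python audit of DMZ-to-LAN firewall rules against the relay design Skip describes, where the only flow from the DMZ mail relay to the internal Exchange server is SMTP. It covers the MTA flow only, not the web page's connection to Exchange. The addresses, the rule tuple format and the list of domain-membership ports are constructed assumptions for illustration.

```python
"""Audit DMZ->LAN firewall rules against an SMTP-only relay design."""
from ipaddress import ip_address, ip_network

# Constructed addressing (assumption): documentation-range networks.
DMZ = ip_network("192.0.2.0/24")
LAN = ip_network("198.51.100.0/24")
EXCHANGE = ip_address("198.51.100.10")   # internal Exchange server
ALLOWED = {("tcp", 25)}                  # relay -> Exchange: SMTP only

# Ports commonly opened for Windows domain membership across a firewall
# (assumption: a typical list, not taken from the original thread).
DOMAIN_PORTS = {53: "DNS", 88: "Kerberos", 135: "RPC endpoint mapper",
                389: "LDAP", 445: "SMB", 3268: "Global Catalog"}


def audit(rules):
    """Return (rule, reason) findings for DMZ->LAN rules outside the design."""
    findings = []
    for rule in rules:
        src, dst, proto, port = rule
        if ip_address(src) not in DMZ or ip_address(dst) not in LAN:
            continue  # only DMZ->LAN flows are in scope
        if ip_address(dst) != EXCHANGE:
            findings.append((rule, "DMZ host reaches a LAN host other than Exchange"))
        elif (proto, port) not in ALLOWED:
            name = DOMAIN_PORTS.get(port)
            reason = (f"domain-membership port ({name})" if name
                      else "port not required by the SMTP relay")
            findings.append((rule, reason))
    return findings


# Constructed sample ruleset: (source, destination, protocol, port)
SAMPLE_RULES = [
    ("192.0.2.5", "198.51.100.10", "tcp", 25),    # relay -> Exchange SMTP
    ("192.0.2.5", "198.51.100.10", "tcp", 389),   # LDAP to the DC/Exchange box
    ("192.0.2.5", "198.51.100.10", "tcp", 445),   # SMB
    ("192.0.2.5", "198.51.100.20", "tcp", 25),    # SMTP to another LAN host
    ("203.0.113.9", "192.0.2.5", "tcp", 25),      # Internet -> relay (out of scope)
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(rule, "->", reason)
```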




