old settings:
- SMTP in DMZ (relay mails to internal ex2k): mail.comp.com
- internal ex2k (relay outbound back to mail.comp.com): ex2k.internal.comp.com

new settings:
- ISA in DMZ: do I give isa.comp.com? or mail.comp.com???
- FE ex2k3: mail.internal.comp.com?? I can't make it as mail.comp.com because it has to be a member server, right?
- BE ex2k3: ex2k3.internal.comp.com (I guess this doesn't really matter)
1) I want to put ISA 2K4 in our DMZ, and FE/BE ex2k3 servers in our LAN. Does this mean I only need to open port 80/443 between ISA and FE? ISA doesn't need to be the member server right?
2) I can configure my internal FE as mail relay server for both inbound and outbound, right? Can I make it an OWA and an RPC/Internet server at the same time too?
3) Our old SMTP relay server in DMZ is mail.comp.com, so all inbound mails hit this server first. So my FE server should use the same name, "mail"? However, my internal domain is (mail.)internal.comp.com, how do I make it so external mails can get to my FE server with public MX record as mail.comp.com? Do I set it through ISA 2K4? and how?
4) The docs say FE needs to be ex2k3 enterprise version. I see many people talking about using ex2k3 standard as the FE server. Is it possible? I am using ex2k3 enterprise clustering for BE.
First, why do you want to put the FE Exchange in the DMZ? It would be better to put it on the same network as the back end. Remember, the FE/BE solution isn't a security solution, it's a load balancing solution.
Do you have a diagram of what you want to set up? That would make it easier to see how to get things working for you.
Also, if you wish to have remote users seamlessly access the Exchange Server, then a split DNS is mandatory.
No, I want to put ISA in DMZ, FE/BE in internal LAN.
So I should have ISA server as the standalone server, not a member server, so it won't contain any AD information for security reasons and I won't have to open up more ports than 80/443/25 on the FW, right?