ISA/FE/BE question
ISA/FE/BE question - 21.Feb.2004 8:48:00 AM
batmon
Posts: 28
Joined: 21.Feb.2004
Status: offline
I am in the process of upgrading our single internal ex2k server w/ an SMTP relay server in DMZ to ISA 2k4/FE/BE Ex2k3 servers. I have some questions that I am still not very clear about.
outside domain name: comp.com
internal domain name: internal.comp.com
old settings:
- SMTP in DMZ (relay mails to internal ex2k): mail.comp.com
- internal ex2k (relay outbound back to mail.comp.com): ex2k.internal.comp.com
new settings:
- ISA in DMZ: do I give isa.comp.com? or mail.comp.com???
- FE ex2k3: mail.internal.comp.com?? I can't make it mail.comp.com because it has to be a member server, right?
- BE ex2k3: ex2k3.internal.comp.com (I guess this doesn't really matter)
1) I want to put ISA 2K4 in our DMZ, and FE/BE ex2k3 servers in our LAN. Does this mean I only need to open port 80/443 between ISA and FE? ISA doesn't need to be a member server, right?
2) I can configure my internal FE as a mail relay server for both inbound and outbound, right? Can I make it an OWA and an RPC/Internet server at the same time too?
3) Our old SMTP relay server in DMZ is mail.comp.com, so all inbound mails hit this server first. So my FE server should use the same name, "mail"? However, my internal domain is (mail.)internal.comp.com, so how do I make it so external mails can get to my FE server with the public MX record as mail.comp.com? Do I set it through ISA 2K4? And how?
4) The docs say FE needs to be ex2k3 enterprise version. I see many people talking about using ex2k3 standard as the FE server. Is it possible? I am using ex2k3 enterprise clustering for BE.
Thank you.
RE: ISA/FE/BE question - 22.Feb.2004 8:27:00 PM
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Batmon,
First, why do you want to put the FE Exchange in the DMZ? It would be better to put it on the same network as the back end. Remember, the FE/BE solution isn't a security solution, it's a load balancing solution.
Do you have a diagram of what you want to set up? That would make it easier to see how to get things working for you.
Also, if you wish to have remote users seamlessly access the Exchange Server, then a split DNS is mandatory.
HTH, Tom
RE: ISA/FE/BE question - 25.Feb.2004 12:39:00 AM
batmon
Posts: 28
Joined: 21.Feb.2004
Status: offline
Hello,
No, I want to put ISA in DMZ, FE/BE in internal LAN.
So I should have the ISA server as a standalone server, not a member server, so it won't contain any AD information for security reasons and I won't have to open up more ports than 80/443/25 on the FW, right?
RE: ISA/FE/BE question - 26.Feb.2004 1:04:00 AM
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Batmon,
OK, I think I get it. Something like this:
Internet->Router->DMZ->Firewall->FE and BE Exchange
Yes, the ISA firewall can have an interface on the DMZ and provide powerful protection for your FE and BE Exchange Servers.
HTH, Tom