Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
What ports for FE Server in DMZ
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
What ports for FE Server in DMZ - 7.May2004 2:13:00 PM
|
|
|
mattbunce
Posts: 5
Joined: 7.Dec.2001
From: Nottingham, UK
Status: offline
|
What ports do I need to have open between the DMZ and LAN networks to allow me to place a Front End Exchange 2003 server in the DMZ segmant which can communicate with the Back End mailbox servers? Is this the best solution or would I bet better having an SMTP gateway in the DMZ doing anti spam/virus work and then publish OWA/OMA/RPC from the internal LAN?
|
|
|
|
|
RE: What ports for FE Server in DMZ - 11.May2004 10:14:00 PM
|
|
|
Guest
|
While I haven't read through the ISA Server 2004/Exchange Deployment Kit in depth, at first glance it looks like you are placing the front end exchange server in the perimieter, right? Reading through some MS documentation, their recommendation is to bridge the perimeter and corp network with ISA and keep all of the exchange servers, FE and BE, on the corp side. What is the advantage of going your route? If you keep the FE in the corp, you don't need to have any machines in the perimieter join the domain, right?
|
|
|
|
|
RE: What ports for FE Server in DMZ - 12.May2004 2:33:00 PM
|
|
|
tshinder
Posts: 47669
Joined: 10.Jan.2001
From: Texas
Status: online
|
Hi Unregistered,
You can do it either way. The Exchange Server documents on FE/BE placement have historically placed the FE in a DMZ and the BE on the Internal network. You can do it either way. I sort of like the FE in a perimeter network because it does have direct contact with Internet servers. In an idea situation, this could be a "mid level" DMZ, which extends the Internal network domain into it to allow the FE server to be placed there. Then you can configure a second DMZ and place an incoming SMTP relay there, or configure an incoming SMTP relay on the ISA firewall. All other connections to the FE Exchange Server would then be authenticated, which makes it more secure to extend the domain into the perimeter network.
Many people over the last three years have been begging for this solution, so I thought I'd give them what they've wanted for so long!
HTH,
Tom
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
