• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Recommendation : Exchange in DMZ or Internal Network?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Installation >> Recommendation : Exchange in DMZ or Internal Network? Page: [1]
Login
Message << Older Topic   Newer Topic >>
Recommendation : Exchange in DMZ or Internal Network? - 21.Nov.2006 8:41:54 PM   
Stoneink

 

Posts: 8
Joined: 1.Sep.2004
From: Sydney
Status: offline
Hi folks, can I please get an opinion on two configuration questions...

Looking at various articles by various people in various places for various versions of ISA & Exchange, the answers seem to vary. Even some of the articles here seem to contradict each other depending on configuration changes, so I thought it best if I seek expert opinions :)


Using Tom's ISA2000 book some years ago, I set up a happily working ISA configuration where the ISA2k server was in its own Workgroup and served my web access needs for many years.


This is a small setup of 3 servers and 20 stations.
At the moment, I have a working ISA 2004 configuration whereby I have an internal network, and a DMZ. 
* The ISA server is not in the domain.
* The sole machine in the DMZ is an IIS server that is a member server in the AD domain.


As outlined above, I've now upgraded to ISA2004. The new ISA server is still in its own Workgroup, in Edge Firewall mode with policy rules that allow the domain member server located in the DMZ to access the AD information (currently only to validate FTP access)


My two questions are :-
* Did I misconfigure my ISA2004 server by putting it in its own Workgroup (a configuration decision inherited from the ISA2k config) or is that still the 'correct' choice in small deployments like mine?

* I plan on adding Exchange to the (currently in the DMZ) member server. Should my (single) Exchange server be in the DMZ or in the Internal network?


Thanks folks.


PS. Originally I considered posting this in the Exchange forum but since it's technically a deployment question, I thought posting it here was the best bet.
Post #: 1
RE: Recommendation : Exchange in DMZ or Internal Network? - 22.Nov.2006 12:49:39 AM   
Stoneink

 

Posts: 8
Joined: 1.Sep.2004
From: Sydney
Status: offline
Okey doke, whilst doing some scrounging to try to find the reasoning behind the disparaging the usage of   .local   I discovered Tom's article (http://isaserver.org/tutorials/Debunking-Myth-that-ISA-Firewall-Should-Not-Domain-Member.html) explaining & answering my first question -- my ISA box should be part of the domain, that's easy to fix.

(in reply to Stoneink)
Post #: 2
RE: Recommendation : Exchange in DMZ or Internal Network? - 22.Nov.2006 1:10:36 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
quote:

* I plan on adding Exchange to the (currently in the DMZ) member server. Should my (single) Exchange server be in the DMZ or in the Internal network?


This is an article of 5 parts that will explain to you how to publish a single Exchange server from your Internal Network.

http://www.isaserver.org/tutorials/ISA-Firewall-Publishing-OWA-RPC-HTTP-Single-IP-Address-Part1.html

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to Stoneink)
Post #: 3
RE: Recommendation : Exchange in DMZ or Internal Network? - 22.Nov.2006 4:01:54 PM   
Stoneink

 

Posts: 8
Joined: 1.Sep.2004
From: Sydney
Status: offline
Thanks Tarek

I'd been through that article chain, which is great because it is virtually exactly the network structure I am using. That article was in fact one of the things that prompted me to ask my questions - in it, Tom says that he has written the article because he has seen lots of queries about that sort of configuration.

My question is whether that is the best configuration choice for that network layout, or whether the article has been written to help the people that already have that layout and need to make their configurations match the existing installation, rather than redesigning their installation into the best choice.

ie  Is the article an example of best practices for a small network,
or is it an example of how to make a sub-optimal configuration work most effectively?

(in reply to elmajdal)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Installation >> Recommendation : Exchange in DMZ or Internal Network? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts