Tim Gordon (Guest)
Posted: Tue Aug 23, 2005 5:00 pm
Post subject: OWA front end server in the DMZ

Hi,
Quick question: We are currently running Exchange 2003 Enterprise inside
the LAN. I want to set up a front end server in the DMZ for Outlook Web
Access for users when they are out and about. Does anyone know of a white
paper or a 'how to' article that they can point me in the direction of?
Specifically, I am looking for a list of the ports that I need to open from
the DMZ to the LAN but a complete idiot's guide would be nice!
Thanks in advance.
Tim
--
I never wish I was not what I was not when I didn't wish what I was not was
not what I am not.

Al Mulnick (Guest)
Posted: Tue Aug 23, 2005 5:00 pm
Post subject: Re: OWA front end server in the DMZ

Pretty much you just open all ports from the FE server to the AD, DNS, and
Exchange servers on your LAN. You could narrow it down to about 8 ports and
protocols, but at that point why bother? May as well just allow TCP 443 all
the way to the trusted network FWIW. Of course, if you leave OWA in a DMZ,
you do limit some of the traffic that machine can get to by not allowing it
to attack other resources outside of AD, DNS, and Exchange servers.
Have you considered what ISA can do for you?
As for a white paper, see the FE/BE information at
http://www.microsoft.com/exchange/library
Al
"Tim Gordon" <tim@mgom.co.uk> wrote in message
news:7sHOe.37$hR5.2@newsfe5-gui.ntli.net...
Quote:
Hi,
Quick question: We are currently running Exchange 2003 Enterprise inside
the LAN. I want to set up a front end server in the DMZ for Outlook Web
Access for users when they are out and about. Does anyone know of a white
paper or a 'how to' article that they can point me in the direction of?
Specifically, I am looking for a list of the ports that I need to open
from the DMZ to the LAN but a complete idiot's guide would be nice!
Thanks in advance.
Tim
--
I never wish I was not what I was not when I didn't wish what I was not
was not what I am not.

Tim Gordon (Guest)
Posted: Wed Aug 24, 2005 4:59 pm
Post subject: Re: OWA front end server in the DMZ

"Al Mulnick" <amulnick_No_SPAM@ncDOTrr.com> wrote in message
news:%23zP4yp$pFHA.748@TK2MSFTNGP12.phx.gbl...
Quote:
Pretty much you just open all ports from the FE server to the AD, DNS, and
Exchange servers on your LAN. You could narrow it down to about 8 ports
and protocols, but at that point why bother? May as well just allow TCP
443 all the way to the trusted network FWIW. Of course, if you leave OWA
in a DMZ, you do limit some of the traffic that machine can get to by not
allowing it to attack other resources outside of AD, DNS, and Exchange
servers.
Have you considered what ISA can do for you?
As for a white paper, see the FE/BE information at
http://www.microsoft.com/exchange/library
Al
"Tim Gordon" <tim@mgom.co.uk> wrote in message
news:7sHOe.37$hR5.2@newsfe5-gui.ntli.net...
Hi,
Quick question: We are currently running Exchange 2003 Enterprise inside
[snipped quoted]

Thanks Al,
Can't really consider ISA. This is at a site that is secured by another
party and any changes to the firewalls I must run past them in advance -
hence my post.
Tim
--
I never wish I was not what I was not when I didn't wish what I was not was
not what I am not.

Al Mulnick (Guest)
Posted: Wed Aug 24, 2005 11:35 pm
Post subject: Re: OWA front end server in the DMZ

That's interesting because you're going to be making firewall changes
regardless, right? In this scenario, don't think of ISA as a firewall
device, but as an Exchange extension instead. It'll make more sense because
you're not deploying a new firewall that way.
"Tim Gordon" <tim@mgom.co.uk> wrote in message
news:XQ0Pe.4$%h6.3@newsfe4-gui.ntli.net...
Quote:
"Al Mulnick" <amulnick_No_SPAM@ncDOTrr.com> wrote in message
news:%23zP4yp$pFHA.748@TK2MSFTNGP12.phx.gbl...
Pretty much you just open all ports from the FE server to the AD, DNS,
and Exchange servers on your LAN. You could narrow it down to about 8
ports and protocols, but at that point why bother? May as well just
allow TCP 443 all the way to the trusted network FWIW. Of course, if you
leave OWA in a DMZ, you do limit some of the traffic that machine can get
to by not allowing it to attack other resources outside of AD, DNS, and
Exchange servers.
Have you considered what ISA can do for you?
As for a white paper, see the FE/BE information at
http://www.microsoft.com/exchange/library
Al
"Tim Gordon" <tim@mgom.co.uk> wrote in message
news:7sHOe.37$hR5.2@newsfe5-gui.ntli.net...
Hi,
Quick question: We are currently running Exchange 2003 Enterprise inside
[snipped quoted]

Thanks Al,
Can't really consider ISA. This is at a site that is secured by another
party and any changes to the firewalls I must run past them in advance -
hence my post.
Tim
--
I never wish I was not what I was not when I didn't wish what I was not
was not what I am not.