
Signature
I never wish I was not what I was not when I didn't wish what I was not was
not what I am not.
Pretty much you just open all ports from the FE server to the AD, DNS, and
Exchange servers on your LAN. You could narrow it down to about 8 ports and
protocols, but at that point why bother? May as well just allow TCP 443 all
the way to the trusted network FWIW. Of course, if you leave OWA in a DMZ,
you do limit some of the traffic that machine can get to by not allowing it
to attack other resources outside of AD, DNS, and Exchange servers.
Have you considered what ISA can do for you?
As for a white paper, see the FE/BE information at
http://www.microsoft.com/exchange/library
Al
> Hi,
>
[quoted text clipped - 9 lines]
>
> Tim
Tim Gordon - 24 Aug 2005 17:00 GMT
> Pretty much you just open all ports from the FE server to the AD, DNS, and
> Exchange servers on your LAN. You could narrow it down to about 8 ports
[quoted text clipped - 14 lines]
>>
>> Quick question: We are currently running Exchange 2003 Enterprise inside
[snipped quoted]
Thanks Al,
Can't really consider ISA. This is at a site that is secured by another
party and any changes to the firewalls I must run past them in advance -
hence my post.
Tim

Al Mulnick - 24 Aug 2005 19:35 GMT
That's interesting because you're going to be making firewall changes
regardless, right? In this scenario, don't think of ISA as a firewall
device, but as an Exchange extension instead. It'll make more sense because
you're not deploying a new firewall that way.
>> Pretty much you just open all ports from the FE server to the AD, DNS,
>> and Exchange servers on your LAN. You could narrow it down to about 8
[quoted text clipped - 24 lines]
>
> Tim