Windows Server Forum / Exchange Server / Design / August 2005

MS Exchange behind NAT

Tekno - 31 Aug 2005 01:41 GMT
Can I set up my MS Exchange Server 2003 behind NAT? Or should I put it in a DMZ
zone? If I can use NAT without putting it in a DMZ, it will only work for internal
email, won't it?

Thanks.
Tekno
Bharat Suneja - 31 Aug 2005 02:52 GMT
Depends on your environment/security policy and concerns, and what you're
trying to accomplish.

You can:
1)  open smtp on your firewall to internal Exchange. Most people are not
comfortable with that, though small companies typically end up doing this.
2) Use a non-Exchange/non-domain member or linux/unix smtp box as smtp
gateway in your dmz, open smtp from Internet to that box in dmz, open smtp
from that particular box only to internal exchange bridgehead/mailbox
server. Very common.
3) Use ISA.
4) Use a hosted smtp service that does antispam/antivirus, allow only their
ip addresses to smtp to a dmz host, allow only dmz host to smtp to exchange

You do not want to put an Exchange box in the dmz - will need to open a lot
of ports to talk to dcs/gcs/other exchange boxes. Typically Exchange is set
up on the internal network.

Signature

Bharat Suneja
MCSE, MCT
--------------------------------

> Can I set up my MS Exchange Server 2003 behind NAT? Or should I put it in a
> DMZ
[quoted text clipped - 4 lines]
> Thanks.
> Tekno
Tekno - 31 Aug 2005 11:58 GMT
Thank you very much for your very useful and quick answer.
I need more help, please.
Here is my situation:
I work for a small company with 50-70 users, with only one Linux server
for the business application, and one Windows Server 2003 as a Domain
Controller, file server, DNS, and internal hosting only. We may add one more
server as an Exchange server if we have to.

Some questions regarding your 4 options:

> Depends on your environment/security policy and concerns, and what you're
> trying to accomplish.
>
> You can:
> 1)  open smtp on your firewall to internal Exchange. Most people are not
> comfortable with that, though small companies typically end up doing this.

Open smtp on my firewall to internal exchange, does that mean opening all ports
needed by exchange? And use a private ip for the exchange server?

> 2) Use a non-Exchange/non-domain member or linux/unix smtp box as smtp
> gateway in your dmz, open smtp from Internet to that box in dmz, open smtp
> from that particular box only to internal exchange bridgehead/mailbox
> server. Very common.

Is this a more secure solution than the other? Do I need to add antispam and anti
virus in that linux smtp box? What critical things do I need for this set up?

> 3) Use ISA.

How am I supposed to set up the ISA configuration? Behind the router firewall, can I
set up ISA on the same box as the Exchange server and put the
exchange server in a DMZ zone?

> 4) Use a hosted smtp service that does antispam/antivirus, allow only their
> ip addresses to smtp to a dmz host, allow only dmz host to smtp to exchange

Is this #4 option the best solution for me for security and ease of
configuration?

> You do not want to put an Exchange box in the dmz - will need to open a lot
> of ports to talk to dcs/gcs/other exchange boxes. Typically Exchange is set
> up on the internal network.

Once again thank you very much for your help.

Tekno Budi

> --------------------------------
>
[quoted text clipped - 6 lines]
> > Thanks.
> > Tekno
Bharat Suneja - 31 Aug 2005 15:22 GMT
Replies inline.

Signature

Bharat Suneja
MCSE, MCT
--------------------------------

> Thank you very much for your very useful and quick answer.
> I need more help, please.
[quoted text clipped - 18 lines]
> ports
> needed by exchange? And use a private ip for the exchange server?
--- no, only smtp port 25 from internet to exchange server on internal
network. exchange sits on the internal network, so yes, pvt ip for exchange.
once again, not a very secure solution, but something small companies
frequently end up doing.

>> 2) Use a non-Exchange/non-domain member or linux/unix smtp box as smtp
>> gateway in your dmz, open smtp from Internet to that box in dmz, open
[quoted text clipped - 5 lines]
> virus in that linux smtp box? What critical things do I need for this set
> up?

-- certainly more secure than #1. Don't *need* to add antispam and antivirus
to the gateway (linux or windows) smtp box, but it helps stop a lot of spam
and viruses from entering your network at all.

>> 3) Use ISA.
>
> How am I supposed to set up the ISA configuration? Behind the router firewall, can
> I
> set up ISA on the same box as the Exchange server and put the
> exchange server in a DMZ zone?

-- ISA would be dual-homed. Don't recommend setting up ISA on same box as
Exchange. (For a good small business solution check out SBS 2003).

>> 4) Use a hosted smtp service that does antispam/antivirus, allow only
>> their
[quoted text clipped - 3 lines]
> Is this #4 option the best solution for me for security and ease of
> configuration?
-- Not very difficult, and perhaps more secure because the service
provider's smtp is exposed to the internet, and saves you the trouble of
setting up a smtp gateway in a dmz, and dealing with antispam and security
issues. The only issue here is recurring monthly cost.

>> You do not want to put an Exchange box in the dmz - will need to open a
>> lot
[quoted text clipped - 16 lines]
>> > Thanks.
>> > Tekno
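A worked host-firewall rule set for the DMZ smtp gateway described in options 2 and 4 above, added here as an example and not taken from the thread. It prints iptables commands rather than applying them so they can be reviewed first; the Exchange address 10.0.0.5 and the provider network 203.0.113.0/24 are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): host firewall for the Linux smtp
# gateway in the DMZ. Option 2 accepts port 25 from any Internet source;
# option 4 accepts it only from the hosted filtering service's networks.
# Either way the gateway may open port 25 only to the internal Exchange box.
# Constructed placeholders: Exchange 10.0.0.5, provider 203.0.113.0/24.

# smtp_gateway_rules EXCHANGE_IP [PROVIDER_NET ...]
smtp_gateway_rules() {
    exchange="$1"
    shift
    # Default-deny on every chain; the gateway is not a router, so FORWARD
    # gets no rules at all.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT DROP"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    # Packets belonging to connections that were already allowed.
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Inbound smtp: from anywhere (option 2) or only the provider (option 4).
    if [ "$#" -eq 0 ]; then
        echo "iptables -A INPUT -p tcp --dport 25 -j ACCEPT"
    else
        for net in "$@"; do
            echo "iptables -A INPUT -p tcp -s $net --dport 25 -j ACCEPT"
        done
    fi
    # Relay inward only to the Exchange bridgehead, nothing else on the LAN.
    echo "iptables -A OUTPUT -p tcp -d $exchange --dport 25 -j ACCEPT"
    # Log what the default policy is about to drop, so scans show up in syslog.
    echo "iptables -A INPUT -j LOG --log-prefix 'smtpgw-drop: '"
}

# Count INPUT rules that accept port 25 from an unrestricted source.
# A gateway built for option 4 should report 0; option 2 reports 1.
unrestricted_smtp_accepts() {
    smtp_gateway_rules "$@" \
        | grep -c -- '-A INPUT -p tcp --dport 25 -j ACCEPT' || true
}

# Demo: option-4 rule set for the placeholder addresses.
smtp_gateway_rules 10.0.0.5 203.0.113.0/24
```

Review the printed rules, then run them as root (for example by piping the output to sh) on the gateway only; the internal Exchange server and the perimeter firewall still need their own matching rules.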