Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion GroupsWindows Server 2003Windows 2000Windows NTSmall Business ServerVirtual ServerExchange ServerIISHost Integration ServerISA ServerSMSWSUSMOMWindows Media ServerSecurityCertification
Related Topics
SQL ServerMS WindowsMS OfficePC HardwareMore Topics ...
Windows Server Forum / Exchange Server / Design / August 2006

Tip: Looking for answers? Try searching our database.

Exchange Backend servers firewalled from internal users

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Ash Wainwright - 18 Aug 2006 19:20 GMT
I would like some advice. We have a Security Manager at our company who wants
to separate all user desktops in our organisation from Exchange and Active
Directory and all Microsoft services with a Checkpoint Firewall.

We would need to configure the NG60 Checkpoint firewall with a ruleset that
would allow the user desktop groups which are split into 8 Vlans to access
all Exchange ports including the RPC range as well as the Active Directory
services.

My question is this do many organisations place firewalls between all there
users and their Exchange and AD servers.

While I can see the added security aspects of the plan, the added
administration overhead seems problematic as well as the performance impact.
Particularly when we are talking about all our internal Microsoft services
and UNIX services.

Just to clarify these are all internal trusted users accesing internal
systems, we are a company with under a 1000 users.

This does not refer to DMZ's which are firewalled from internal users.

Anyones experience or refrence to articles whitepapers would be much
appreciated.

Thanks

Ash

Signature

Ash

Reply to this Message
jamestechman@gmail.com - 19 Aug 2006 16:52 GMT
I've never ran into any organization that put a firewall between the
client side and server side in a LAN. I'm not sure what the performance
implications will be, the only way to know would be to test. I'm not
familiar with any whitepapers on this, I'm guessing what'll you'll
likely find is documentation on what ports clients need to access
Exchange and AD.

James Chong
MCSE | M+, S+, MCTS, Security+
msexchangetips.blogspot.com

> I would like some advice. We have a Security Manager at our company who wants
> to separate all user desktops in our organisation from Exchange and Active
[quoted text clipped - 25 lines]
> Ash
>  
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.