No announcement yet.

What is the best topologie based on this configuration?

  • Filter
  • Time
  • Show
Clear All
new posts

  • What is the best topologie based on this configuration?

    Well the idea is simple, implement a Exchange 2003 in my company.
    Our configuration is this:

    Security: WatchGuard Core Firewall
    Wan: 10 public ips

    Well th idea is to put a Echange server in the LAN Network, but from what i see in the paper they recommended a Front end / Back en configuration.
    From my point of view putting a front end in the DMZ is to much insecured because of the need of open ports to comunicate with AD, Exchange back end, etc.
    I totally discard ISA server that is not a option, so how can i securelly publish my exchange to the Wan?
    What i need is not publish directly mi email server to the Wan, i would certainly like to have something in my DMZ acting as a front end but more secure than the exchange fron end.

    What you guys think abut this???


  • #2
    Re: What is the best topologie based on this configuration?

    Just put the Exchange server on the LAN, open port 443 (https) and 25 (smtp) to the internet and leave it at that. There are many servers configured like that, my own included and it is fine. As long as the server is fully patched, kept patches and you have taken normal security precautions then you should be fine.

    Putting an Exchange server in the DMZ is a bad idea.
    If you don't want to publish Exchange directly to the internet then your only choice really is an ISA - as that is designed to work with OWA, RPC over HTTPS, ActiveSync etc.

    Simon Butler
    Exchange MVP

    More Exchange Content:
    Exchange Resources List:
    In the UK? Hire me:

    Sembee is a registered trademark, used here with permission.