What's new
By:
Filters
ClioSport.net

Register a free account today to become a member!
Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

  • When you purchase through links on our site, we may earn an affiliate commission. Read more here.

exchange and web access public facing server



M

McBunny

right one of the directors has just got a nokia 9300 and wants to be able to get emails on it from our exchange 2003 server problem is our server is hidden behind our fire wall.

so i would say we need a public facing exchange server right ?

and if i did that it shouldnt be our existing mail server for security reasons right ?

so i would need to put in a front end backend exchange setup so you connect to the public frontend server that then passes the request onto the secure backend server right ?


so id like to know whats the best way to do this if not the way above as my balls really are on the line over this so it has to go right first time.

please help
mike
 
Daz

Daz

Best way, is to get an ISA server in - as it can protect Exchange properly (and the only firewall which can).

I'm guessing he might want web exchange? In which case, it just uses IIS.. and it'll work fine.
Again, you can just let traffic through to the Exchange server (IIS). Most people do this and it's OK, but me, I wouldn't without ISA again (as yes, it can protect IIS properly)

If I was deploying an Exchange server and it was going to be live - I'd never do it without an ISA server just because of it's great application filtering - no other firewall does anything near it really.

I'm guessing it is Web Exchange you need - I'm guessing the Nokia doesn't have an Exchange client on it.. hehe.
On the other hand, it could be POP3 or it could be IMAP.. in which case again, you can just port forward.

FE/BE Exchange needs Enterprise Exchange if I remember so turns out very expensive (two Exchange Ent licences aren't cheap!)


At the end of the day, it depends how much you trust Windows 2003 (Exchange etc..) live on the internet as to how much time/money you spend.. Me? I don't trust it at all.. and I'd go the ISA route.
 
M

McBunny

daz we have exchange 2k3 ent already so only 1 more license needed we also have a copy of isa 2003

he doesnt want to use outlook web he wants to just use imap as the mobile supports imap with its mail app


so your suggesting putting our exchange server onto the net letting only isa protect it and not the hardware firewall ??

id have thought it would be better to have the firewall then have the front end server with 2 nics one on a seperate network and one with a public ip
then the backend server staying where it is having the front end exchange server forwarding on requests ?

but i could stick isa on the new server if need be
 
G

Gav76

McBunny said:
or are you suggesting it goes like this

net - firewall - isa server - front end server - back end server ?
Click to expand...

Why do you need the front end server if you've 2 NICs on the ISA server? You could route the exchange connection through the second firewall (I'm assuming thats missing from the flow).

Or you could upgrade to Lotus Notes and configure a passthru server easy as ;)
 
M

McBunny

erm the isa server would have to have 2 nics one to have the fe server on the other to have the rest of the lan on as they should be on seperate subnets for security
basically the isa server would act like a firewall with dmz but we already have a firewall with an optional/dmz port so i dont think we would need the isa server bit
 
G

geordiepaul

  Astra 1.9cdti XP
You can configure RPC through the firewall for the exchange so you'd only need one instance! Just google RPC and Exchange...loads of answers!! :-D
 
Daz

Daz

ISA will "publish" the services through itself - so in effect, you don't need an FE/BE server config.

ISA filters EVERYTHING - and it blocks common attacks etc.. for example, Code Red wouldn't hit an unpatched IIS server if it was firewalled by ISA. ;)

net - firewall - isa server - server

Would work yes.. (from what I understand)

It's the ISA filtering you need really.. I wouldn't just port forward imap to Exchange - you can do it, tho.. if you are really brave. ;) If it was my company, I'd want ISA protecting it tbh.
 
Daz

Daz

McBunny said:
erm the isa server would have to have 2 nics one to have the fe server on the other to have the rest of the lan on as they should be on seperate subnets for security
basically the isa server would act like a firewall with dmz but we already have a firewall with an optional/dmz port so i dont think we would need the isa server bit
Click to expand...

It would work - yes.. but it'll be unfiltered. ISA is clever in that it knows whats bad and whats good and filters on the application layer.
There is no better for firewalling a Windows server with IIS, Exchange etc.. published on the internet from what I understand and have read etc..
 
You must log in or register to reply here.

Similar threads

SharkyUK
Frogg- Jumpy-Hop-Hop "Remake"
Replies
16
Views
1K
SharkyUK
SharkyUK
DeeKay86
My Comprehensive Notes from todays Apple Special Event! 8th March 2022. [Mac Studio / Studio Display etc].
Replies
0
Views
1K
DeeKay86
DeeKay86
DeeKay86
My Comprehensive Notes from todays Apple WWDC Keynote!
Replies
25
Views
3K
Ay Ay Ron
Ay Ay Ron
DeeKay86
My Comprehensive notes from todays Apple Special Event 2020 [Apple Watch Series 6/SE & iPad/iPad Air].
Replies
0
Views
860
DeeKay86
DeeKay86
chris blue
Bucket seat fitting, subframes, existing runners, harness, etc. Advice and tips?
2
Replies
45
Views
7K
chris blue
chris blue


Top