Re: [fw-wiz] PIX -> ISA -> OWA Configuration
From: Danny (nocmonkey_at_gmail.com)
To: Jason Gomes <firstname.lastname@example.org> Date: Thu, 5 May 2005 14:25:48 -0400
On 5/1/05, Jason Gomes <email@example.com> wrote:
> What is the preferred placement for a OWA front-end server given these
> two possible network configurations and why?
> 1) [Internet] <==> [PIX Firewall] <==> [ISA Proxy] <==> [PIX Firewall]
> <==> [OWA] <==> [Internal Net w/Exchange Svr]
> 2) [Internet] <==> [PIX Firewall] <==> [ISA Proxy] <==> [OWA] <==> [PIX
> Firewall] <==> [Internal Net w/Exchange Svr]
> The ISA server is performing a reverse proxy for HTTPS connections.
> In #1, the backend firewall will only allow port 443 through to OWA.
> In #2, all ports required for OWA to communicate with the internal
> exchange server is allowed.
What type of clients? Road warrior employees with laptops? If so, how about:
3) Verified client with proprietary VPN client and AES 256 -> Big bad
Innernat -> Firewall only allowing connections from proprietary VPN
client -> ISA Proxy -> OWA & Exchange
firewall-wizards mailing list