RE: Exchange in the DMZ

From: Miguel Duarte (miguelduarte@Investec.pt)
Date: 11/26/02

    Date: Tue, 26 Nov 2002 10:11:45 -0000
    From: "Miguel Duarte" <miguelduarte@Investec.pt>
    To: "Dean Pullen" <deanpullen@yahoo.com>
    
    

    What kind of firewall are you using?
    I've actually managed to make it work but with a few quirks.

    I have the frontend server on a Cisco PIX interface with a different subnet from the LAN. I had to create address mappings (statics) of each DC in the domain pointing to an IP address within the DMZ. Then create DNS records of the DCs pointing to the new addresses (note that I can't keep the new DNS record for the DNS server, because it hasn't any interface with that address).
    Last, make sure that the frontend server can reach the inner servers (ping, SMTP, etc).

    I hope I was at least a little clear...

    Miguel Duarte

    -----Original Message-----
    From: Dean Pullen [mailto:deanpullen@yahoo.com]
    Sent: Sat 11/23/2002 11:00 AM
    To: focus-ms@lists.securityfocus.com
    Cc:
    Subject: Exchange in the DMZ

    Hi guys,

    I've basically been told that we require an Exchange
    system operated within our DMZ setup. After much
    reading I've decided to go for a front-end, back-end
    Exchange system, with the Exchange front-end in the DMZ
    and the back-end in the LAN. However, even though I've
    opened up all the ports specified in MS' white papers
    between the DMZ and LAN, I cannot connect to the
    domain/active directory from the Front-End server. How
    do I go about this? I mean all I am trying at the
    moment is to connect to our internal Domain by
    accessing the network ID in the My Computer properties
    and trying typing in the Domain. Do I have to do
    anything else?! Sorry for my amateurishness(!) but
    we're a small firm and cannot afford a fully-fledged
    exchange specialist, thus I'm doing it!

    Thanks in advance.

    Dean Pullen.



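A check for the last step of the reply above, run from the front-end server; it is an added example and not part of the original messages. The host names, addresses and port list are assumptions made up for illustration: it confirms each DC name resolves only to its static address in the DMZ and that the static answers on the TCP ports a domain member needs.

```python
import socket

# Constructed plan: DC name -> (real LAN address, PIX static address in the DMZ).
PLAN = {
    "dc1.corp.example": ("10.0.0.10", "192.168.50.10"),
    "dc2.corp.example": ("10.0.0.11", "192.168.50.11"),
}
# Assumed TCP ports a domain member needs on a DC: DNS, Kerberos, RPC endpoint
# mapper, LDAP, SMB, global catalog. Replace with the list you actually opened.
PORTS = (53, 88, 135, 389, 445, 3268)


def resolve(name):
    """IPv4 addresses the local resolver returns for name (empty set on failure)."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        return set()


def tcp_open(addr, port, timeout=2.0):
    """True if a TCP connection to addr:port completes within timeout."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(plan, ports, resolve=resolve, tcp_open=tcp_open):
    """Return findings for the front-end's view; an empty list means consistent."""
    findings = []
    for name, (lan_ip, dmz_ip) in sorted(plan.items()):
        addrs = resolve(name)
        stray = sorted(addrs - {dmz_ip})
        if stray:
            findings.append(f"{name}: resolves to {stray} (LAN address {lan_ip}), "
                            f"expected only static {dmz_ip}")
        if dmz_ip not in addrs:
            findings.append(f"{name}: no DNS record for static {dmz_ip}")
            continue
        closed = [p for p in ports if not tcp_open(dmz_ip, p)]
        if closed:
            findings.append(f"{name}: static {dmz_ip} not reachable on TCP {closed}")
    return findings


if __name__ == "__main__":
    for line in audit(PLAN, PORTS):
        print(line)
```

Only TCP is probed; UDP services such as DNS and Kerberos over UDP need a separate test.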