RE: Exchange in the DMZ

From: David Sommers (dsommers@dialogmedical.com)
Date: 11/26/02

    Date: Tue, 26 Nov 2002 12:13:35 -0500
    From: "David Sommers" <dsommers@dialogmedical.com>
    To: "Pidgorny, Slav" <slav.pidgorny@anz.com>, "Dean Pullen" <deanpullen@yahoo.com>, <focus-ms@lists.securityfocus.com>
    

    I agree as well. ISA server has many benefits to using
    front-end/back-end Exchange Servers, including the fact that you have
    to run Exchange Enterprise as the front-end server, which costs more
    than the Standard version. Plus ISA offers protection to OWA (web
    access) and can provide externally encrypted RPC handling for directly
    connecting Outlook from the Internet to your Exchange server.

    This article provides information on whether or not ISA will benefit
    you.
    http://www.fawcette.com/dotnetmag/2002_12/magazine/columns/maximumexchange/

    /David.

    -----Original Message-----
    From: Pidgorny, Slav [mailto:slav.pidgorny@anz.com]
    Sent: Monday, November 25, 2002 10:54 PM
    To: Dean Pullen; focus-ms@lists.securityfocus.com
    Subject: RE: Exchange in the DMZ

    Dean,

    Some details about the error messages you have and event log entries
    would be useful. Is there NAT in the picture? Can you resolve DNS names
    on the DNS supporting AD? What about other connectivity (LDAP, LDAP to
    GC, Kerberos over TCP and UDP, CIFS)?

    Try to run Netmon and capture traffic from the front-end server during
    startup. It helps.

    Generally, I would recommend against Exchange front-end in DMZ because
    too much connectivity is required back to the private intranet. Also I
    think that DMZ should be a separate authentication domain.

    Regards

    Slav

    -----Original Message-----
    From: Dean Pullen [mailto:deanpullen@yahoo.com]
    Sent: Saturday, 23 November 2002 10:01 PM
    To: focus-ms@lists.securityfocus.com
    Subject: Exchange in the DMZ

    Hi guys,

    I've basically been told that we require an Exchange
    system operated within our DMZ setup. After much
    reading I've decided to go for a front-end, back-end
    Exchange system, with the Exchange front-end in the DMZ
    and the back-end in the LAN. However, even though I've
    opened up all the ports specified in MS' white papers
    between the DMZ and LAN, I cannot connect to the
    domain/active directory from the Front-End server. How
    do I go about this? I mean all I am trying at the
    moment is to connect to our internal Domain by
    accessing the network ID in the My Computer properties
    and trying typing in the Domain. Do I have to do
    anything else?! Sorry for my amateurishness(!) but
    we're a small firm and cannot afford a fully-fledged
    exchange specialist, thus I'm doing it!

    Thanks in advance.

    Dean Pullen.
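
Added example, not part of the original thread: a small audit that checks a DMZ-to-LAN ruleset against the flows named in the troubleshooting reply (DNS, LDAP, LDAP to GC, Kerberos over TCP and UDP, CIFS) and reports which are still blocked. The rule format, addresses and function names are constructed for illustration; the ports are the standard well-known ones, and the list covers only the protocols the thread mentions.

```python
# Flows named in the thread, mapped to their standard ports.
# Assumption: limited to protocols the thread lists, not a full AD port list.
REQUIRED = {
    "DNS": [("tcp", 53), ("udp", 53)],
    "LDAP": [("tcp", 389)],
    "LDAP to GC": [("tcp", 3268)],
    "Kerberos": [("tcp", 88), ("udp", 88)],
    "CIFS": [("tcp", 445)],
}

# Constructed sample ruleset in a hypothetical "action proto src dst port" format.
SAMPLE_RULES = """
# DMZ front-end (192.0.2.10) -> LAN domain controller (10.0.0.5)
allow tcp 192.0.2.10 10.0.0.5 53
allow tcp 192.0.2.10 10.0.0.5 389
allow tcp 192.0.2.10 10.0.0.5 3268
allow tcp 192.0.2.10 10.0.0.5 88
allow tcp 192.0.2.10 10.0.0.5 445
deny  udp 192.0.2.10 10.0.0.5 88
"""

def parse_rules(text):
    """Parse the hypothetical rule format, skipping comments and blank lines."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        action, proto, src, dst, port = line.split()
        rules.append((action.lower(), proto.lower(), src, dst, int(port)))
    return rules

def allowed(rules, proto, src, dst, port):
    """First matching rule wins; anything unmatched is denied by default."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto, r_src, r_dst, r_port) == (proto, src, dst, port):
            return action == "allow"
    return False

def missing_flows(rules, src, dst):
    """Return {service: [blocked proto/port, ...]} for the required flows."""
    gaps = {}
    for service, flows in REQUIRED.items():
        blocked = [f"{p}/{n}" for p, n in flows if not allowed(rules, p, src, dst, n)]
        if blocked:
            gaps[service] = blocked
    return gaps

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for svc, flows in missing_flows(rules, "192.0.2.10", "10.0.0.5").items():
        print(f"{svc}: blocked {', '.join(flows)}")
```

The sample ruleset opens only the TCP side, so the UDP flows for DNS and Kerberos are reported as gaps; the length of the required list also shows how much of the LAN a DMZ front-end ends up reaching.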
