Re: DMZ setup on firewall

From: John (jwholmes_at_earthlink.net)
Date: 08/06/03


Date: Wed, 06 Aug 2003 06:58:55 GMT

On Mon, 04 Aug 2003 19:38:13 -0700, Phil wrote:

> What if the server on the DMZ were an MS Exchange 2K server that
> needed to have OWA access to the internet as well as a connection to
> the protected network? Could you put 2 network cards on the Exchange
> server and point one NIC to the DMZ and one NIC to the protected
> network? Could this configuration work if the DMZ had a public IP
> address and the other NIC had a private IP address? Would there be any
> security issues between the NICs?
>
> I have only one Exchange server and I am required to supply OWA to
> home users through a PIX 515.
>
> Thanks for any help.
>

   Please do not circumvent your firewall by using dual NICs!!!! Yes, there
are potentially huge risks in doing this.

   Put the OWA box in the DMZ. The PIX will allow access from the inside
interface to the DMZ interface by default. Then put a rule in the
access-list on the outside interface to allow access to the OWA box only
on port 443 and, if you must, port 25. You will also need to give it a
public address or else do a nat 0.

   I think so highly of the security of Exchange that I prefer to put a
Postfix or Qmail box to deal with mail to/from the public and not list the
Exchange box in DNS as a mail server. The Unix mail server will be a sort
of proxy for Exchange, with it passing mail between Exchange and the world.
I only allow port 443 access to the Exchange box from the outside.

-- 
___________
John Holmes
jwholmes@earthlink.net
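
Added example, not part of the original post: a small Python check that reads PIX-style access-list lines and reports any permit that exposes the OWA host on more than port 443 and, optionally, port 25, as the reply recommends. The ACL name, the 203.0.113.x addresses and the sample lines are constructed, and only the "any", "host A" and "network mask" address forms are parsed; anything else is reported for manual review.

```python
import ipaddress

# Constructed sample: PIX-style outside-interface ACL. 203.0.113.10 is a
# documentation address standing in for the OWA box; acl_out is a made-up name.
SAMPLE_ACL = """\
access-list acl_out permit tcp any host 203.0.113.10 eq 443
access-list acl_out permit tcp any host 203.0.113.10 eq smtp
access-list acl_out permit tcp any host 203.0.113.10 eq 3389
access-list acl_out permit ip any host 203.0.113.10
access-list acl_out permit tcp any 203.0.113.0 255.255.255.0 range 135 139
access-list acl_out permit tcp any host 203.0.113.20 eq www
access-list acl_out deny ip any any
"""
PORT_NAMES = {"smtp": 25, "www": 80, "https": 443}

def take_addr(tokens):
    """Consume one address spec (any | host A | NET MASK) from the token list."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0))
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}", strict=False)

def port(token):
    return PORT_NAMES[token] if token in PORT_NAMES else int(token)

def audit(acl_text, owa_ip, allowed=frozenset({443, 25})):
    """Return (line, reason) for each permit that exposes owa_ip beyond `allowed`."""
    owa, findings = ipaddress.ip_address(owa_ip), []
    for line in acl_text.splitlines():
        t = line.split()
        if len(t) < 5 or t[0] != "access-list" or t[2] != "permit":
            continue
        proto, rest = t[3], t[4:]
        try:
            take_addr(rest)                      # source: not judged here
            if owa not in take_addr(rest):       # destination must cover the OWA box
                continue
            if proto == "tcp" and rest[:1] == ["eq"]:
                ports = {port(rest[1])}
            elif proto == "tcp" and rest[:1] == ["range"]:
                ports = set(range(port(rest[1]), port(rest[2]) + 1))
            else:                                # ip/udp/icmp or no port qualifier
                findings.append((line, "not limited to specific TCP ports"))
                continue
        except (ValueError, IndexError):         # fail closed: review by hand
            findings.append((line, "could not parse"))
            continue
        extra = sorted(ports - allowed)
        if extra:
            findings.append((line, f"extra ports: {extra[0]}-{extra[-1]}"))
    return findings
```

Pass allowed=frozenset({443}) to audit() to enforce the stricter setup from the last paragraph of the reply, where SMTP is handled by a separate mail relay.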

