Re: Exchange Server in DMZ
From: ObiWan (anzen.NO_at_SPAM.gmx.net)
Date: 12/14/04
- Next message: Eirik Seim: "Re: Why?"
- Previous message: Arthur Hagen: "Re: Why?"
- In reply to: Barry Streets: "Exchange Server in DMZ"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 14 Dec 2004 17:57:17 +0100
> I helping to setup A Exchange server in a DMZ, what port(s)
> do I need to open for the server to participate in the local domain ???
Oh boy ... you'll need to open a whole lot of "sensible" ports since
the machine will need to join the domain, so all the netbios traffic
and so on... this in turn will drill a whole lot of holes between your
DMZ and your LAN, not a good thing imho, if possible, I'd suggest
you to place a simple SMTP server on the DMZ (the IIS SMTP will
do as well) and configuring it to forward mail to the Exchange server
sitting on your LAN, this will only require opening port 25 between
DMZ and LAN and won't expose your LAN to so many risks; by the
way this isn't feasible if you need to publish OWA, in such a case
you'll need to put the Exchange on the DMZ but .. in this case I'd
suggest installing the Exchange as a standalone machine and
not as a domain member; I know this means duplicating users
accounts and so on, but it you want to keep things secure it's
the only real way to do it imho
Regards
-- * ObiWan Microsoft MVP: Windows Server - Networking http://www.microsoft.com/communities/MVP/MVP.mspx http://mvp.support.microsoft.com DNS "fail-safe" for Windows clients. http://ntcanuck.com 408+ XP/2000 tweaks and tips http://ntcanuck.com/tq/Tip_Quarry.htm
- Next message: Eirik Seim: "Re: Why?"
- Previous message: Arthur Hagen: "Re: Why?"
- In reply to: Barry Streets: "Exchange Server in DMZ"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
