Exchange OWA with ISA

From: bej (bej_at_discussions.microsoft.com)
Date: 10/30/04

  • Next message: bengt: "Exchange with ISA" 
    Date: Sat, 30 Oct 2004 02:32:01 -0700

    Microsoft recommends a scenario where you put ISA server in a DMZ and publish
    OWA from an Exchange Front-end server on the inside. Looking at it strictly
    from a security point of view, is there any diffence in publishing the
    Back-end server instead and skip the Front-end server? I meen if you manage
    to hack the Front-end server you´re already inside?

  • Next message: bengt: "Exchange with ISA"

    Relevant Pages

    • No front-end in DMZ
      ... > Exchange in a DMZ is a reasonably sized no. ... > There are a number of tutorials for setting up OWA and certificates ... Also - how necessary is the SSL on the front-end server? ...
      (microsoft.public.exchange.admin)
    • Re: Implement FE server
      ... I'm not telling you that you shouldn't use a front-end server, just that ISA ... ISA server in the DMZ and using it to publish OWA and relay SMTP to the ... Do you mean I should use ISA in DMZ and use the ISA to route the OWA ...
      (microsoft.public.exchange.admin)
    • Re: OWA connectivity
      ... putting an Exchange front-end server in your DMZ opens more ... your intranet, and, if you want protection inside your DMZ, you should use ... a front-end server in a DMZ that I was hitting for OWA but I was told by ... firewall vendor to change my rule to point directly to my back-end box on ...
      (microsoft.public.exchange.admin)
    • Re: NTLM doesnt work for RPC over HTTP
      ... Move the front-end server inside your intranet and allow port 443 between ... the DMZ and the front-end server. ... Install a web proxy device in your DMZ if ...
      (microsoft.public.exchange.admin)
    • Re: CANT CHANGE PASSWORD IN OWA
      ... Take that front-end server out of the DMZ, close all of the holes ... you opened to make it work, and replace it with an ISA Server or some other ...
      (microsoft.public.exchange.admin)