Re: Only IIS in DMZ, Exchange (with AD) and SQL Server on internal network

From: Baki (bobradovic2001@yahoo.com)
Date: 09/17/02 

From: "Baki" <bobradovic2001@yahoo.com>
Date: Mon, 16 Sep 2002 22:18:40 -0400

My question was:
What TCP ports on what interface do I have to open in order to make Exchange
(located on internal network) to send and recieve mail? My additional
question is what is advantage in terms of security of configuring DMZ and
placing IIS with public IP address in it, comparing to NAT (maping addresses
1 to 1) and not using DMZ at all (placing IIS on internal network)?
Thank you very much,
Baki

"S. Pidgorny [MVP]" <slavickp@yahoo.com> wrote in message
news:enXHdaWXCHA.2056@tkmsftngp09...
> Please elaborate?
>
> Your're right about SQL, ad I don't quite get your problem with
> Exchange.........
>
>
> --
> Svyatoslav Pidgorny, MS MVP, MCSE
> -= F1 is the key =-
>
> "Baki" <bobradovic2001@yahoo.com> wrote in message
> news:ujBvESQXCHA.2240@tkmsftngp10...
> > Hi guys,
> > I need to reconfigure our network. We have a 3COM firewall with DMZ. I
> want
> > to place IIS in DMZ, and Exchange Server and SQL Server (internet
> > application database) on our internal network. What ports do I have to
> open?
> > I know that I should open TCP 80 for inbound traffic on extrernal
> interface,
> > and TCP 1433 between DMZ and internal network. What port do I have to
open
> > for Exchange Server? I suppose it is TCP 25 (SMTP), but do I have to
open
> it
> > on all interfaces (external, internal and DMZ)?
> > Thank you in advance,
> > Baki
> >
> >
>
>

Relevant Pages

  • RE: Firewalling with a webserver and DB
    ... But the DB on the internal network. ... only allow port 80 into your DMZ IF all you have are ... As clients computers will use these ports dynamically to talk to ... Firewalling with a webserver and DB ...
    (Security-Basics)
  • Re: No front-end in DMZ
    ... ISA server is out of consideration at all immediately. ... ISA server placed in the DMZ requires (as to best ... internal network card to be connected to internal network directly, ... and open above named ports just between these two. ...
    (microsoft.public.exchange.admin)
  • Re: ASA 5505 with three separate networks
    ... the third VLAN can only be configured to initiate ... can configure trunk ports to accomodate multiple VLANs per port." ... DMZ is accessible from outside, that would be ok for me. ... messed up kind of interface. ...
    (comp.dcom.sys.cisco)
  • Re: Can SSL version 3 be used on OWA 2003?
    ... iside DMZ IP, wouldn't this be just the same internally? ... The box should not be in the DMZ because of all the ports that need to ... be open between DMZ and internal network. ...
    (microsoft.public.exchange.admin)
  • Re: Where do I put Exchange Server?
    ... Again, thanks for the response. ... Those AD queries would be between the DMZ ... and the internal network. ... > you have to open many ports to allow AD query, client access mail server, ...
    (microsoft.public.isa.configuration)