Re: DMZ and Memberservers

From: Karl Levinson, mvp (levinson_k_at_despammed.com)
Date: 05/27/05

    Date: Thu, 26 May 2005 22:20:14 -0400
    
    

    Also note that Exchange 2003 needs to be in a domain, as I understand it.
    In that case, you may be better off using a different email server gateway
    product in the DMZ, such as Norton Antivirus for Gateways, which comes free
    [or used to] with NAV Corporate Edition with Platinum tech support.

    "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
    news:ebtMxkkYFHA.796@TK2MSFTNGP09.phx.gbl...
    > If possible you are best off not having them be members of your AD domain
    > but keep in mind that may be impossible if they need to use AD to
    > authenticate AD users. The problem is that to keep them domain members you
    > need to configure a number of rules in your firewall including dynamic RPC.
    > Web servers are good candidates for a DMZ. The link below will show how you
    > need to configure a firewall for Active Directory unless you can configure a
    > tunnel of some sort such as for a persistent VPN connection. --- Steve
    >
    > http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B179442
    >
    > "jokes54321" <jokes54321@nospam.com> wrote in message
    > news:%23AWnE8VYFHA.1796@TK2MSFTNGP15.phx.gbl...
    > > We are in the process of redoing our network to implement a DMZ and add a
    > > Cisco PIX firewall to the mix. My question is, what roles should the
    > > servers in the DMZ be? At the moment, our webserver and mailserver are
    > > members of our Win2K AD domain behind a firewall. Once we move these to
    > > the DMZ, is it best practice to remove them from the domain and make them
    > > standalone servers?
    > >
    > > How are some of you doing this?
    > >
    > > Thank you,
    > >
    > > Denny
    > >
    >
    >

