Better off with ISA Proxy very true too. Or any decent firewall that can smart proxy in-bound tcp traffic. Probably cheaper than introducing ISA server in to the frame.
Check with you firewall vendor. A good firewall example: http://www.cyberguard.com/news_room/whitepaper_smartproxies.cfm K -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ed Crowley [MVP] Sent: 21 July 2004 23:42 To: Exchange Discussions Subject: RE: DMZ ports for Front End Server You're better off with a web proxy server in the DMZ such as ISA than a front-end server. Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of knighTslayer Sent: Wednesday, July 21, 2004 3:24 PM To: Exchange Discussions Subject: RE: DMZ ports for Front End Server I agree with Dean. If at least the FE server is in a DMZ and you are logging on both External AND DMZ interfaces on your chosen firewall, then you are much better informed than JUST logging on a External to Internal NAT'd level. It's a given that we all review firewall log reports regularly of' course. My two cents. K -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Cunningham Sent: 21 July 2004 23:12 To: Exchange Discussions Subject: RE: DMZ ports for Front End Server I need no convincing, your the one that needs convincing ;-) >>> [EMAIL PROTECTED] 22/07/2004 9:22:41 a.m. >>> You keep convincing yourself of that... ;o) -----Original Message----- From: Dean Cunningham [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 21, 2004 5:00 PM To: Exchange Discussions Subject: RE: DMZ ports for Front End Server You'll never convince me to do that ;-) if the FE is compromised, so is your whole network. At lease with it in the DMZ, you have some control over the ports and addresses it can connect internally to. What persuaded you to change? >>> [EMAIL PROTECTED] 22/07/2004 7:10:36 a.m. >>> It is not really THAT many ports, but we had these discussions here a bunch ot times and came to a conclusion that front-end in DMZ would not be a good thing to do. I actually used to be for the DMZ idea in the past but got persuaded to change my mind. If you still want to explore it, there are MS whitepapers on front-end/back-end Exchange configuration and on Exchange hosting that show all the ports that you will need to open. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rosselle, Brett Sent: Wednesday, July 21, 2004 3:05 PM To: Exchange Discussions Subject: RE: DMZ ports for Front End Server I haven't actually deployed it(in production) yet, so either option is still viable. Any particular reason for not having it in the DMZ, other than having to define a zillion ports, or is that the main reason? If it is, it's a good enough reason for me. Brett -- Brett Rosselle Systems Administrator Brightpoint North America 317.707.2525 Tel 317.707.2397 Fax [EMAIL PROTECTED] -----Original Message----- From: Martin Blackstone [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 21, 2004 1:57 PM To: Exchange Discussions Subject: RE: DMZ ports for Front End Server I concur -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fyodorov, Andrey FTL Sent: Wednesday, July 21, 2004 11:57 AM To: Exchange Discussions Subject: RE: DMZ ports for Front End Server Take that front-end out of DMZ and put it into the internal network. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rosselle, Brett Sent: Wednesday, July 21, 2004 2:40 PM To: Exchange Discussions Subject: DMZ ports for Front End Server I'm guessing this had been covered in the past. I thought the Exchange discussions website had a search feature, but either it does not, or I am just not capable of finding it. I'm trying to find a list of the minimum ports needed for a 2003 Front End server to be able to connect back to the internal network from the DMZ. I found this link: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q278339 Not sure if it's correct for this aplication. Is there a better list somewhere? Thanks, Brett -- Brett Rosselle Systems Administrator Brightpoint North America 317.707.2525 Tel 317.707.2397 Fax [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe send a blank email to %%email.unsub%% Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe send a blank email to %%email.unsub%% Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe send a blank email to %%email.unsub%% Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe send a blank email to %%email.unsub%% Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe send a blank email to %%email.unsub%% Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. ********************************************************************** Have you clicked on yet? www.nrc.govt.nz **********************************************************************Bpar Thanks, Bre NORTHLAND REGIONAL COUNCIL This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify [EMAIL PROTECTED] ********************************************************************** _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe send a blank email to %%email.unsub%% Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe send a blank email to %%email.unsub%% Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. ********************************************************************** Have you clicked on yet? www.nrc.govt.nz ********************************************************************** NORTHLAND REGIONAL COUNCIL This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify [EMAIL PROTECTED] ********************************************************************** _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe send a blank email to %%email.unsub%% Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe send a blank email to %%email.unsub%% Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe send a blank email to %%email.unsub%% Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
