OK, so if I want to protect with a PIX and ISA 2004 to publish E2K3 for OWA/OMA, what's the recommended setup? Any good docs? What I've read so far is kinda pointing me to ISA in the DMZ, with E2K3 FE & BE inside the network. That way I don't have to open the RPC over HTTP or FE/BE holes in the firewall; is that about right? We're running 5.5 now with no OWA, so it will be a big change in exposure for us. I've found docs on ISA and publishing E2K3, but not about where it fits with the PIX acting as the first line of defense... I'm also looking into configuring the ISA server as an SMTP relay to further limit exposure of the E2K3 server...
********************** Charlie Kaiser MCSE, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 ********************** > -----Original Message----- > From: Martin Blackstone [mailto:[EMAIL PROTECTED] > Sent: Thursday, July 22, 2004 9:36 AM > To: Exchange Discussions > Subject: RE: DMZ ports for Front End Server > > Yes. People have had a number of issues with it over time. > http://www.google.com/search?sourceid=navclient&ie=UTF-8&q=Exc > hange+SMTP+Fix > up > > http://support.microsoft.com/?kbid=320027 > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Charlie > Kaiser > Sent: Thursday, July 22, 2004 9:34 AM > To: Exchange Discussions > Subject: RE: DMZ ports for Front End Server > > Be careful with what exactly? Fixup? > > ********************** > Charlie Kaiser > MCSE, CCNA > Systems Engineer > Essex Credit / Brickwalk > 510 595 5083 > ********************** > > > > -----Original Message----- > > From: Martin Blackstone [mailto:[EMAIL PROTECTED] > > Sent: Thursday, July 22, 2004 9:11 AM > > To: Exchange Discussions > > Subject: RE: DMZ ports for Front End Server > > > > Be careful with that. It causes a number of issues as well. > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of > > Charlie Kaiser > > Sent: Thursday, July 22, 2004 9:06 AM > > To: Exchange Discussions > > Subject: RE: DMZ ports for Front End Server > > > > OK. Thanks! > > > > ********************** > > Charlie Kaiser > > MCSE, CCNA > > Systems Engineer > > Essex Credit / Brickwalk > > 510 595 5083 > > ********************** > > > > > > > -----Original Message----- > > > From: knighTslayer [mailto:[EMAIL PROTECTED] > > > Sent: Thursday, July 22, 2004 8:17 AM > > > To: Exchange Discussions > > > Subject: RE: DMZ ports for Front End Server > > > > > > The closest thing to ensuring that all is good in the > packet is the > > > 'fixup protocol http' command. > > > > > > Though this is limited and addresses issues like: > > > > > > URL logging of GET messages > > > URL screening through N2H2 or Websense Java and ActiveX filtering > > > > > > These functions are for inside requests from the > (O)utside of a PIX. > > > > > > Nothing on HTTPS either. > > > > > > So, I'd say no, or unless there is a revision that does > support it > > > that I don't know about. Maybe wait until a revision of the > > software > > > becomes available that does deep packet inspection (DPI) as > > I believe > > > all firewall vendors are moving this way. > > > > > > So, ISA behind a Pix for you then! > > > > > > K > > > > > > > > > > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On > Behalf Of > > > Charlie Kaiser > > > Sent: 22 July 2004 15:09 > > > To: Exchange Discussions > > > Subject: RE: DMZ ports for Front End Server > > > > > > 515; 6.3(1) > > > > > > ********************** > > > Charlie Kaiser > > > MCSE, CCNA > > > Systems Engineer > > > Essex Credit / Brickwalk > > > 510 595 5083 > > > ********************** > > > > > > > > > > -----Original Message----- > > > > From: knighTslayer [mailto:[EMAIL PROTECTED] > > > > Sent: Thursday, July 22, 2004 7:02 AM > > > > To: Exchange Discussions > > > > Subject: RE: DMZ ports for Front End Server > > > > > > > > PIX model and IOS ver? > > > > > > > > Thanks > > > > > > > > K > > > > > > > > -----Original Message----- > > > > From: [EMAIL PROTECTED] > > > > [mailto:[EMAIL PROTECTED] On > > Behalf Of > > > > Charlie Kaiser > > > > Sent: 22 July 2004 14:41 > > > > To: Exchange Discussions > > > > Subject: RE: DMZ ports for Front End Server > > > > > > > > I'm not a firewall guy, so excuse me if this sounds ignorant. > > > > :-) Will a PIX > > > > do this? I'm wondering if we can use our current PIX to do > > > this or if > > > > I need to put in ISA if I plan to go this route when we do our > > > > upcoming E2K3 migration. > > > > Any documentation pointers would be wonderful... > > > > Thanks! > > > > > > > > ********************** > > > > Charlie Kaiser > > > > MCSE, CCNA > > > > Systems Engineer > > > > Essex Credit / Brickwalk > > > > 510 595 5083 > > > > ********************** > > > > > > > > > > > > > I'm pretty sure that this box can do this, only way to find > > > > out is to > > > > > give > > > > > it a go. It should be documented. > > > > > > > > > > It is of my opinion that if you have a decent firewall > > > and you are > > > > > publishing services such as SMTP, FTP, HTTP, HTTPS or > > > anything tcp > > > > > based, then you should always use the proxy function on the > > > > firewall. > > > > > Depending on the firewall, it will protect against > > > protocol attacks > > > > > and more. > > > > > > > > > > ISA is a solution, but it adds an extra box to the > > topology, its > > > > > another machine to patch, maintain, license, power, air > > > > condition etc. > > > > > etc... > > > > > > > > > _________________________________________________________________ > > > > List posting FAQ: > http://www.swinc.com/resource/exch_faq.htm > > > > Web Interface: > > > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > > > > ext_mode=&lang > > > > =english > > > > To unsubscribe send a blank email to %%email.unsub%% > > > > Exchange List admin: [EMAIL PROTECTED] > > > > To unsubscribe via postal mail, please contact us at: > > > > Jupitermedia Corp. > > > > Attn: Discussion List Management > > > > 475 Park Avenue South > > > > New York, NY 10016 > > > > > > > > Please include the email address which you have been > > contacted with. > > > > > > > > > > > > > _________________________________________________________________ > > > > List posting FAQ: > http://www.swinc.com/resource/exch_faq.htm > > > > Web Interface: > > > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > > > > ext_mode=&lang=english > > > > To unsubscribe send a blank email to %%email.unsub%% > > > > Exchange List admin: [EMAIL PROTECTED] > > > > To unsubscribe via postal mail, please contact us at: > > > > Jupitermedia Corp. > > > > Attn: Discussion List Management > > > > 475 Park Avenue South > > > > New York, NY 10016 > > > > > > > > Please include the email address which you have been > > contacted with. > > > > > > > > > > _________________________________________________________________ > > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > > Web Interface: > > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > > > ext_mode=&lang > > > =english > > > To unsubscribe send a blank email to %%email.unsub%% > > > Exchange List admin: [EMAIL PROTECTED] > > > To unsubscribe via postal mail, please contact us at: > > > Jupitermedia Corp. > > > Attn: Discussion List Management > > > 475 Park Avenue South > > > New York, NY 10016 > > > > > > Please include the email address which you have been > contacted with. > > > > > > > > > _________________________________________________________________ > > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > > Web Interface: > > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > > > ext_mode=&lang=english > > > To unsubscribe send a blank email to %%email.unsub%% > > > Exchange List admin: [EMAIL PROTECTED] > > > To unsubscribe via postal mail, please contact us at: > > > Jupitermedia Corp. > > > Attn: Discussion List Management > > > 475 Park Avenue South > > > New York, NY 10016 > > > > > > Please include the email address which you have been > contacted with. > > > > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Web Interface: > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > > ext_mode=&lang > > =english > > To unsubscribe send a blank email to > > %%email.unsub%% > > Exchange List admin: [EMAIL PROTECTED] > > To unsubscribe via postal mail, please contact us at: > > Jupitermedia Corp. > > Attn: Discussion List Management > > 475 Park Avenue South > > New York, NY 10016 > > > > Please include the email address which you have been contacted with. > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Web Interface: > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > > ext_mode=&lang=english > > To unsubscribe send a blank email to > > %%email.unsub%% > > Exchange List admin: [EMAIL PROTECTED] > > To unsubscribe via postal mail, please contact us at: > > Jupitermedia Corp. > > Attn: Discussion List Management > > 475 Park Avenue South > > New York, NY 10016 > > > > Please include the email address which you have been contacted with. > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > ext_mode=&lang > =english > To unsubscribe send a blank email to > %%email.unsub%% > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > ext_mode=&lang=english > To unsubscribe send a blank email to > %%email.unsub%% > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
