IPSec is a nice idea too. But you need to test test test. Sincerely,
Andrey Fyodorov Systems Engineer Messaging and Collaboration Spherion -----Original Message----- From: Leeann McCallum [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 16, 2003 7:32 PM To: Exchange Discussions Subject: RE: OWA front end server - licensing and security You could throw an OWA front end server in the DMZ, put certificate on as Ed suggests, and then wrap everything up in an IPSEC packet that goes between the front end and backend. Between the client on the net and the front end, you would use SSL, so just open 443. -----Original Message----- From: Erick Thompson [mailto:[EMAIL PROTECTED] Sent: Wednesday, 17 September 2003 11:29 a.m. To: Exchange Discussions Subject: RE: OWA front end server - licensing and security Ed, I'm a little confused. You're recommending that I put in a front end server, but not in the DMZ? It seems to me that I might have to open a bunch of ports, but if the front end server is in the LAN, all ports are by default open. Just to clarify, I have one Exchange server which lives on my LAN, and there is an SMTP server in my DMZ that relays messages to the Exchange server. At the moment, I don't have any other Exchange servers running. Thanks, Erick > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Ed Crowley > Sent: Tuesday, September 16, 2003 4:25 PM > To: Exchange Discussions > Subject: Re: OWA front end server - licensing and security > > > Instal a certificate on the front-end server and open > port 443 to the front-end server. Putting a front-end > server in a DMZ requires you to open lots of dangerous > ports through the internal firewall to the Exchange > servers, DCs and GCs. > > Ed > > --- Erick Thompson <[EMAIL PROTECTED]> wrote: > > I'm setting up OWA in my organization, and I have > > two choices. I can set up Exchange on the web server > > (in the DMZ), and specify it as a front end server, > > or I can open port 80 to the primary Exchange > > server. From a security standpoint, I really like > > the first option, but I'm thinking that I need a > > second Exchange Enterprise license. Am I correct in > > this? > > > > Am I being too paranoid about opening port 80 > > through to the internal Exchange server? I've never > > liked the idea of raw traffic entering my LAN.... > > > > Thanks, > > Erick > > > > > _________________________________________________________________ > > List posting FAQ: > > http://www.swinc.com/resource/exch_faq.htm > > Web Interface: > > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t ext_mode=&lang=english > To unsubscribe: > mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] ######################################################################## ##### Notice: This e-mail message is only intended to be read by the named recipient. It may contain information which is confidential, proprietary or the subject of legal privilege. If you are not the intended recipient please notify the sender immediately and delete this e-mail. You may not use any information contained in it. Legal privilege is not waived because you have read this e-mail. For further information on the Beca Group of Companies, visit our web page http://www.beca.co.nz ######################################################################## ##### _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
