I'm curious about how people are implementing FE/BE Exchange communication.  It 
absolutely kills me that all of this traffic is being transported through all 
of these ports via clear text.  


I thought about encrypting all of it using IPSEC but we are using NAT between 
the DMZ and the Internal firewall.  So all the traffic will get dropped.  I 
remember reading that with Cisco you can encapsulate IPSEC with UDP, but I can't 
find any documentation on that.  Another question is, even if you do use IPSEC, 
do you still need to open the individual ports?  My understanding is that you 
don't, but someone is telling me that you do. 


Any help/advice/heckling will be appreciated.....not so much the heckling though
