NCUA auditors want to know why we don't have it in our DMZ currently.

At one point I knew an answer but today I don't have a clue.

I know the users access OWA or ActiveSync through the outside interface
of the Firewall.

The Firewall NATs/PATs the address to my local LAN. The outside
interface has a Cert from GoDaddy.

Is that really enough? Only access to port 25 or 443 is allowed
through the firewall.

 

 

From: Andrew S. Baker [mailto:[email protected]] 
Posted At: Wednesday, January 25, 2012 10:19 AM
Posted To: [email protected]
Conversation: Moving Exchange 2003 into a DMZ
Subject: Re: Moving Exchange 2003 into a DMZ

 

Why would you do that?

 

How many ports do you intend to connect from the internet to the
Exchange box?

And how many are you going to have to open up between the DMZ and the
LAN in order to get it to function?

 

What problem do you hope to solve by moving it?


ASB

http://XeeMe.com/AndrewBaker

Harnessing the Advantages of Technology for the SMB market...





On Wed, Jan 25, 2012 at 9:13 AM, [email protected] <[email protected]>
wrote:

I have Exchange 2003 sitting here on my local lan.  I want to move it to
my Firewall lan and set it in the DMZ lan there.

From the outside interface of the Firewall I just need to NAT/PAT it to
the new DMZ IP address. No change to the SSL Cert because that is to
the outside interface (Correct?)

From the clients that are internal when I change the DNS record they
should point to the internal DMZ address of the server with no client
changes?  (Correct?)

Smartphones and tablets that have email coming to them use the outside
interface of the firewall so they should be fine? (Correct?)

If I have management consoles that send SMTP email internally (VirusScan
type things) or those interfaces that use IP instead of FQDN, they will
have to be manually corrected when the move happens to point to the
internal DMZ address of the server? (Correct?)

 

Thanks ahead of time. 

Also, what would it take to just build an Exchange 2010 server and just
start migrating users to it instead of moving my 2003 box anyways?

 

As always I am humbly asking to not be beaten for my stupidity but given
your wisdom on the subject instead.

Thanks

David

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin

