?
Solved

Firewall Configuration

Posted on 2004-09-08
2
Medium Priority
?
161 Views
Last Modified: 2010-03-18
Current setup and Equipment

Internet
Cisco Internet Router
Hardware Firewall
SBS2003 Domain

It’s that simple.

Currently the SBS server only has Exchange Server 2003 installed but if you know SBS, it comes with ISA 2000, which I want to implement. And of course its the domain controller for out internal domain.

What I want to achieve at the end of all this from an external services point of view is, OWA access, OMA access, Onsite SMTP server (is currently functioning) and VPN access. From an internal point of view I need the internet filtering and security capabilities of ISA.

All this now leads to the main question. What network setup would best suit my needs? Security is very important although these services are required.

Just to let you know some of the things I am currently pondering, I have thought about a DMZ, breaking SBS2k3 so that I can split it onto separate hardware ($$) or putting two network cards into the SBS domain controller and installing ISA in integrated mode and then using private IP's in the DMZ etc etc

Owen
0
Comment
Question by:dunkjonesy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 15

Accepted Solution

by:
Yan_west earned 2000 total points
ID: 12007358
What I would do.

Install a DMZ, put an exchange front end in the DMZ (= New Server + Exchange Enterprise 2003).
Put all other server in your network..

here is a little diagram

            Internet
                |
            Cisco PIX (Or whatever Hardware firewall you want)
              /                           \
         DMZ                            \
(Exchange Front End)              \
                                            SBS2003 (with exchange backend), other server


Why split your exchange config in 2? For security. You should never let people access your mail server in your Internal network, especially when this server is a DC. People from the ouside would access OWA + their mail on the front End, and people in your private network from the backend. There would be no opened port in your private network this way...
0
 

Author Comment

by:dunkjonesy
ID: 12120822
Thanks for your quick reply and sorry for my late reply.

Ok then the DMZ is privately addressed? And what about the ISA server will that have a network card in the DMZ and one in the private network? If so then that means that the route over those two network cards is filtered by ISA and I can use it as a full proxy.

i.e.
           Internet
                |
            Cisco PIX (Or whatever Hardware firewall you want)
              /                           \
         DMZ                         DMZ
(Exchange Front End)              \
                                         SBS2003 (with exchange backend), other server
                                             /
                                     Private Network (Local Domain)


How does this look?

I am also interested in knowing what someone things about running exchange ISA and a domain controller on the same box and if it is really troublesome?
0

Featured Post

Supports up to 4K resolution!

The VS192 2-Port 4K DisplayPort Splitter is perfect for anyone who needs to send one source of DisplayPort high definition video to two or four DisplayPort displays. The VS192 can split and also expand DisplayPort audio/video signal on two or four DisplayPort monitors.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
An article on effective troubleshooting
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question