• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 163
  • Last Modified:

Firewall Configuration

Current setup and Equipment

Internet
Cisco Internet Router
Hardware Firewall
SBS2003 Domain

It’s that simple.

Currently the SBS server only has Exchange Server 2003 installed but if you know SBS, it comes with ISA 2000, which I want to implement. And of course its the domain controller for out internal domain.

What I want to achieve at the end of all this from an external services point of view is, OWA access, OMA access, Onsite SMTP server (is currently functioning) and VPN access. From an internal point of view I need the internet filtering and security capabilities of ISA.

All this now leads to the main question. What network setup would best suit my needs? Security is very important although these services are required.

Just to let you know some of the things I am currently pondering, I have thought about a DMZ, breaking SBS2k3 so that I can split it onto separate hardware ($$) or putting two network cards into the SBS domain controller and installing ISA in integrated mode and then using private IP's in the DMZ etc etc

Owen
0
dunkjonesy
Asked:
dunkjonesy
1 Solution
 
Yan_westCommented:
What I would do.

Install a DMZ, put an exchange front end in the DMZ (= New Server + Exchange Enterprise 2003).
Put all other server in your network..

here is a little diagram

            Internet
                |
            Cisco PIX (Or whatever Hardware firewall you want)
              /                           \
         DMZ                            \
(Exchange Front End)              \
                                            SBS2003 (with exchange backend), other server


Why split your exchange config in 2? For security. You should never let people access your mail server in your Internal network, especially when this server is a DC. People from the ouside would access OWA + their mail on the front End, and people in your private network from the backend. There would be no opened port in your private network this way...
0
 
dunkjonesyAuthor Commented:
Thanks for your quick reply and sorry for my late reply.

Ok then the DMZ is privately addressed? And what about the ISA server will that have a network card in the DMZ and one in the private network? If so then that means that the route over those two network cards is filtered by ISA and I can use it as a full proxy.

i.e.
           Internet
                |
            Cisco PIX (Or whatever Hardware firewall you want)
              /                           \
         DMZ                         DMZ
(Exchange Front End)              \
                                         SBS2003 (with exchange backend), other server
                                             /
                                     Private Network (Local Domain)


How does this look?

I am also interested in knowing what someone things about running exchange ISA and a domain controller on the same box and if it is really troublesome?
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now