Solved

Firewall Configuration

Posted on 2004-09-08
2
156 Views
Last Modified: 2010-03-18
Current setup and Equipment

Internet
Cisco Internet Router
Hardware Firewall
SBS2003 Domain

It’s that simple.

Currently the SBS server only has Exchange Server 2003 installed but if you know SBS, it comes with ISA 2000, which I want to implement. And of course its the domain controller for out internal domain.

What I want to achieve at the end of all this from an external services point of view is, OWA access, OMA access, Onsite SMTP server (is currently functioning) and VPN access. From an internal point of view I need the internet filtering and security capabilities of ISA.

All this now leads to the main question. What network setup would best suit my needs? Security is very important although these services are required.

Just to let you know some of the things I am currently pondering, I have thought about a DMZ, breaking SBS2k3 so that I can split it onto separate hardware ($$) or putting two network cards into the SBS domain controller and installing ISA in integrated mode and then using private IP's in the DMZ etc etc

Owen
0
Comment
Question by:dunkjonesy
2 Comments
 
LVL 15

Accepted Solution

by:
Yan_west earned 500 total points
ID: 12007358
What I would do.

Install a DMZ, put an exchange front end in the DMZ (= New Server + Exchange Enterprise 2003).
Put all other server in your network..

here is a little diagram

            Internet
                |
            Cisco PIX (Or whatever Hardware firewall you want)
              /                           \
         DMZ                            \
(Exchange Front End)              \
                                            SBS2003 (with exchange backend), other server


Why split your exchange config in 2? For security. You should never let people access your mail server in your Internal network, especially when this server is a DC. People from the ouside would access OWA + their mail on the front End, and people in your private network from the backend. There would be no opened port in your private network this way...
0
 

Author Comment

by:dunkjonesy
ID: 12120822
Thanks for your quick reply and sorry for my late reply.

Ok then the DMZ is privately addressed? And what about the ISA server will that have a network card in the DMZ and one in the private network? If so then that means that the route over those two network cards is filtered by ISA and I can use it as a full proxy.

i.e.
           Internet
                |
            Cisco PIX (Or whatever Hardware firewall you want)
              /                           \
         DMZ                         DMZ
(Exchange Front End)              \
                                         SBS2003 (with exchange backend), other server
                                             /
                                     Private Network (Local Domain)


How does this look?

I am also interested in knowing what someone things about running exchange ISA and a domain controller on the same box and if it is really troublesome?
0

Featured Post

Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now