Solved

Firewall Configuration

Posted on 2004-09-08
2
160 Views
Last Modified: 2010-03-18
Current setup and Equipment

Internet
Cisco Internet Router
Hardware Firewall
SBS2003 Domain

It’s that simple.

Currently the SBS server only has Exchange Server 2003 installed but if you know SBS, it comes with ISA 2000, which I want to implement. And of course its the domain controller for out internal domain.

What I want to achieve at the end of all this from an external services point of view is, OWA access, OMA access, Onsite SMTP server (is currently functioning) and VPN access. From an internal point of view I need the internet filtering and security capabilities of ISA.

All this now leads to the main question. What network setup would best suit my needs? Security is very important although these services are required.

Just to let you know some of the things I am currently pondering, I have thought about a DMZ, breaking SBS2k3 so that I can split it onto separate hardware ($$) or putting two network cards into the SBS domain controller and installing ISA in integrated mode and then using private IP's in the DMZ etc etc

Owen
0
Comment
Question by:dunkjonesy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 15

Accepted Solution

by:
Yan_west earned 500 total points
ID: 12007358
What I would do.

Install a DMZ, put an exchange front end in the DMZ (= New Server + Exchange Enterprise 2003).
Put all other server in your network..

here is a little diagram

            Internet
                |
            Cisco PIX (Or whatever Hardware firewall you want)
              /                           \
         DMZ                            \
(Exchange Front End)              \
                                            SBS2003 (with exchange backend), other server


Why split your exchange config in 2? For security. You should never let people access your mail server in your Internal network, especially when this server is a DC. People from the ouside would access OWA + their mail on the front End, and people in your private network from the backend. There would be no opened port in your private network this way...
0
 

Author Comment

by:dunkjonesy
ID: 12120822
Thanks for your quick reply and sorry for my late reply.

Ok then the DMZ is privately addressed? And what about the ISA server will that have a network card in the DMZ and one in the private network? If so then that means that the route over those two network cards is filtered by ISA and I can use it as a full proxy.

i.e.
           Internet
                |
            Cisco PIX (Or whatever Hardware firewall you want)
              /                           \
         DMZ                         DMZ
(Exchange Front End)              \
                                         SBS2003 (with exchange backend), other server
                                             /
                                     Private Network (Local Domain)


How does this look?

I am also interested in knowing what someone things about running exchange ISA and a domain controller on the same box and if it is really troublesome?
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question