Solved

Firewall Configuration

Posted on 2004-09-08
2
155 Views
Last Modified: 2010-03-18
Current setup and Equipment

Internet
Cisco Internet Router
Hardware Firewall
SBS2003 Domain

It’s that simple.

Currently the SBS server only has Exchange Server 2003 installed but if you know SBS, it comes with ISA 2000, which I want to implement. And of course its the domain controller for out internal domain.

What I want to achieve at the end of all this from an external services point of view is, OWA access, OMA access, Onsite SMTP server (is currently functioning) and VPN access. From an internal point of view I need the internet filtering and security capabilities of ISA.

All this now leads to the main question. What network setup would best suit my needs? Security is very important although these services are required.

Just to let you know some of the things I am currently pondering, I have thought about a DMZ, breaking SBS2k3 so that I can split it onto separate hardware ($$) or putting two network cards into the SBS domain controller and installing ISA in integrated mode and then using private IP's in the DMZ etc etc

Owen
0
Comment
Question by:dunkjonesy
2 Comments
 
LVL 15

Accepted Solution

by:
Yan_west earned 500 total points
Comment Utility
What I would do.

Install a DMZ, put an exchange front end in the DMZ (= New Server + Exchange Enterprise 2003).
Put all other server in your network..

here is a little diagram

            Internet
                |
            Cisco PIX (Or whatever Hardware firewall you want)
              /                           \
         DMZ                            \
(Exchange Front End)              \
                                            SBS2003 (with exchange backend), other server


Why split your exchange config in 2? For security. You should never let people access your mail server in your Internal network, especially when this server is a DC. People from the ouside would access OWA + their mail on the front End, and people in your private network from the backend. There would be no opened port in your private network this way...
0
 

Author Comment

by:dunkjonesy
Comment Utility
Thanks for your quick reply and sorry for my late reply.

Ok then the DMZ is privately addressed? And what about the ISA server will that have a network card in the DMZ and one in the private network? If so then that means that the route over those two network cards is filtered by ISA and I can use it as a full proxy.

i.e.
           Internet
                |
            Cisco PIX (Or whatever Hardware firewall you want)
              /                           \
         DMZ                         DMZ
(Exchange Front End)              \
                                         SBS2003 (with exchange backend), other server
                                             /
                                     Private Network (Local Domain)


How does this look?

I am also interested in knowing what someone things about running exchange ISA and a domain controller on the same box and if it is really troublesome?
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now