
  • Status: Solved

2003 Server, ISA & Exchange

I have an existing Win 2003 Enterprise Server in place acting as AD Controller, Web Server, File Server, Print Server & VPN Server.  I have an additional 2003 Enterprise Server that I want to use as an Exchange Server and ISA firewall.  Is this possible?

If so, great :), can I get some tips on how to begin, and if not, would it be possible to place Exchange on my existing server, etc.?
1 Solution
I see no reason you should not use the second server to put your ES on.

Personally I wouldn't put ISA on it - I prefer separate firewall appliances. Having not used ISA I can't really comment on using it in this manner.

Gives you a backup Domain Controller too.

Mike Kline Commented:

Take a look at this page; they describe various scenarios for using Exchange and ISA on the same box.


This is another good paper


So you should be able to put it on the same box. Our security team is on the same wavelength as comley; we use hardware firewalls, but ISA has come a long way and I think it will continue to gain acceptance.

invaluable resources for doing things like this


Personally, I am not opposed to having ISA on the same box as Exchange - it isn't ideal, but it looks like there wouldn't be too much load on these servers anyway (as you are making them do quite a lot).


While not technically impossible to run this scenario, it's not ideal.  Your ISA should be edge protection for everything.  Installing Exchange on the firewall introduces its own set of issues.  You'll need to server publish the Exchange installation, and if your mail server is compromised, then so is your firewall.

The most secure setup would be using ISA in a 3-leg configuration - LAN, DMZ and Public facing interfaces.  Place the Web server and VPN server in the DMZ, put Exchange on the DC inside.  Although it isn't the greatest setup (since Exchange is better on a member server for security) and it will require one more server, you are better protected.

ISA 2004 is a fine product - I use it.  It is remarkably well put together in terms of being able to server publish using Wizards to make it fool-proof.  It does cause a bit of a headache to first configure since it is entirely locked down, but it works well.  One word of advice - do not install it on a DC - it's not supported by Microsoft in this configuration.  I have the installation on a DC and it was incredibly difficult to define rules since there must be rulesets for internal to localhost and back for normal client-server communication - trust me, it's a ton of work to configure correctly without opening up everything.

Think carefully about security before making any decisions.


mikemaner (Author) Commented:
Just so I am clear, you would suggest putting Exchange on the existing DC and ISA on another machine at the edge of the network?  ISA should be on a 2003 Server install but not acting as a DC?  Is all that correct?
Yes, it would be the lesser of two evils anyway!

If Exchange ran on your DC it wouldn't be a perfect setup, but at the very least it won't be exposed on the edge of your LAN.  It can easily be published via ISA on the member server.

