I hope this is not a dumb question but here goes. There are no internal users on our network. Everyone works in the field in different locations around the country.
GIVEN that, the web server is behind a firewall in a DMZ and allows port 80 thru to itself. The exchange server is behind a second firewall and allows 443 thru to itself and SMTP 25 both ways. Both are ports(just open holes in a firewall), both are accessible. So why does it make the back office network any more secure but putting a web server in a DMZ and not making it part of the internal network?