How do I relocate an Exchange 2003 server behind a Kerio WinRoute Firewall?
Posted on 2006-05-22
My Exchange server is currently sitting outside our firewall. It is dual homed and is functioning perfectly. My concern is for security. I tend to believe that access to the server could be compromised the longer it sits open to the internet and relatively unprotected.
Our company recently implemented a new Kerio WinRoute firewall on one of our servers. We have been successful in routing our website traffic through the firewall. All users are accessing the internet via this software/hardware combination.
For simplicity's sake, the two IP sets are as follows:
Exchange Internal: 184.108.40.206
Exchange External: 220.127.116.11
Firewall Internal: 18.104.22.168
Firewall External: 22.214.171.124
My thinking is that Exchange internal gateway should be changed to 126.96.36.199 and the external NIC removed. How is traffic to this server rerouted through the firewall's external NIC (188.8.131.52), then? Does my ISP have to get involved here and change some DNS settings somewhere?
I think I can handle opening and closing the necessary ports on the firewall (443, 25, etc.), so that shouldn't be too much of an issue...I just want to make sure I have the IP settings in my head correctly before I start making changes. My goal is minimal downtime for email services.