How do I relocate an Exchange 2003 server behind a Kerio WinRoute Firewall?
Posted on 2006-05-22
My Exchange server is currently sitting outside our firewall. It is dual homed and is functioning perfectly. My concern is for security. I tend to believe that access to the server could be compromised the longer it sits open to the internet and relatively unprotected.
Our company recently implemented a new Kerio WinRoute firewall on one of our servers. We have been successful in routing our website traffic through the firewall. All users are accessing the internet via this software/hardware combination.
For simplicity's sake, the two IP sets are as follows:
Exchange Internal: 188.8.131.52
Exchange External: 184.108.40.206
Firewall Internal: 220.127.116.11
Firewall External: 18.104.22.168
My thinking is that Exchange internal gateway should be changed to 22.214.171.124 and the external NIC removed. How is traffic to this server rerouted through the firewall's external NIC (126.96.36.199), then? Does my ISP have to get involved here and change some DNS settings somewhere?
I think I can handle opening and closing the necessary ports on the firewall (443, 25, etc.), so that shouldn't be too much of an issue...I just want to make sure I have the IP settings in my head correctly before I start making changes. My goal is minimal downtime for email services.