Solved

New Exchange 2003 Installation - ISA Server Function Clarification Please

Posted on 2006-06-23
3
211 Views
Last Modified: 2010-03-06
Can a Microsoft ISA Server installed in the DMZ and configured as a Front End to an Exchange Server 2003 installed on internal LAN also perform role of Web & FTP server?

In other words, can I set up a Windows 2003 server in the DMZ to be all 3 (ISA, Web, & FTP) server?

I have to install a new E-Mail server for our small organization (35 users, 80 PCs, 2 W2K3 Servers) and install Microsoft Exchange 2003 on it.  I do not want to put Exchange 2003 server in DMZ but must set up services for external access like OWA, RPC over HTTP, etc.

We have a PIX firewall, maybe I should not worry about putting Exchange Server 2003 in DMZ, but it would be better not to, correct?

And if I add another Windows server in the DMZ in this triple role would it would not have to be configured as a member server in our AD domain that exists behind INSIDE PIX interface on internal LAN, correct?

What if I brought our Compaq Proliant ML 350 out of retirement for this job?  Could it do the job if wiped & reloaded with Microsoft Windows Server 2003 & ISA?

A complete Exchange Novice,
DALVIS

0
Comment
Question by:dealvis
  • 2
3 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 16971939
On a small site, I wouldn't bother with an ISA. I would just have the traffic going straight to the Exchange server. You only need two ports open - 25 and 443.

If you insist - then the machine needs to be in a workgroup and it can do whatever you like if configured correctly. I have deployed ISA machines as SMTP relays as well in the past.
As long as the machine is capable of running Windows 2003 then it would be fine for the job.

Simon.
0
 

Author Comment

by:dealvis
ID: 16972818
Thank You Simon for responding.  Some clarification please, are you saying you would install Exchange Server 2003 on the internal LAN behind the PIX INSIDE interface (and not the DMZ?)
0
 
LVL 104

Accepted Solution

by:
Sembee earned 125 total points
ID: 16974405
Correct.
Exchange doesn't belong in the DMZ, the number of ports that you have to open for it to work correctly makes the DMZ effectively useless.

Simon.
0

Featured Post

Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates‚Ķ

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now