New Exchange 2003 Installation - ISA Server Function Clarification Please

Posted on 2006-06-23
Medium Priority
Last Modified: 2010-03-06
Can a Microsoft ISA Server installed in the DMZ and configured as a Front End to an Exchange Server 2003 installed on internal LAN also perform role of Web & FTP server?

In other words, can I set up a Windows 2003 server in the DMZ to be all 3 (ISA, Web, & FTP) server?

I have to install a new E-Mail server for our small organization (35 users, 80 PCs, 2 W2K3 Servers) and install Microsoft Exchange 2003 on it.  I do not want to put Exchange 2003 server in DMZ but must set up services for external access like OWA, RPC over HTTP, etc.

We have a PIX firewall, maybe I should not worry about putting Exchange Server 2003 in DMZ, but it would be better not to, correct?

And if I add another Windows server in the DMZ in this triple role would it would not have to be configured as a member server in our AD domain that exists behind INSIDE PIX interface on internal LAN, correct?

What if I brought our Compaq Proliant ML 350 out of retirement for this job?  Could it do the job if wiped & reloaded with Microsoft Windows Server 2003 & ISA?

A complete Exchange Novice,

Question by:dealvis
  • 2
LVL 104

Expert Comment

ID: 16971939
On a small site, I wouldn't bother with an ISA. I would just have the traffic going straight to the Exchange server. You only need two ports open - 25 and 443.

If you insist - then the machine needs to be in a workgroup and it can do whatever you like if configured correctly. I have deployed ISA machines as SMTP relays as well in the past.
As long as the machine is capable of running Windows 2003 then it would be fine for the job.


Author Comment

ID: 16972818
Thank You Simon for responding.  Some clarification please, are you saying you would install Exchange Server 2003 on the internal LAN behind the PIX INSIDE interface (and not the DMZ?)
LVL 104

Accepted Solution

Sembee earned 375 total points
ID: 16974405
Exchange doesn't belong in the DMZ, the number of ports that you have to open for it to work correctly makes the DMZ effectively useless.


Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

There are literally thousands of Exchange recovery applications out there. So how do you end up picking one that’s ideal for your business & purpose? By carefully scouting the product’s features, the benefits it offers you, & reading ample reviews f…
A method of moving multiple mailboxes (in bulk) to another database in an Exchange 2010/2013/2016 environment...
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question