Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Exchange/Outlook Web Access/IIS - secure DMZ setup on Watchguard 750e?

Posted on 2006-11-27
2
Medium Priority
?
826 Views
Last Modified: 2010-08-05
Hi there,

I have been instructed to give secure OWA to our users and I wondered if it is possible to just install IIS on to a Server in the DMZ and then to have OWA requests 'through' that server to be forwarded to our Exchange server on the trusted internal LAN?

i.e. 2 physical boxes - one on trusted LAN and one sitting on DMZ.

Has anyone ever done this on a Watchguard Firebox 750e?

Thanks
0
Comment
Question by:ddh76
2 Comments
 
LVL 104

Accepted Solution

by:
Sembee earned 750 total points
ID: 18020595
How do you think putting an Exchange server in the DMZ will provide secure access to OWA?
Please tell me as no one has given me an answer that is acceptable to that question yet.

Putting a domain member in the DMZ is a very bad idea. The number of changes that you have to make to the firewall turns the firewall in to swiss cheese and basically takes away all the security.

There are two ways to provide access to OWA.

1. Simply open port 443 to the internet from your Exchange server. Put an SSL certificate on to the Exchange server.
2. Put an ISA server in the DMZ, that is not a member of the domain and publish OWA through the ISA.

Simon.
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Steps to fix “Unable to mount database. (hr=0x80004005, ec=1108)”.
Steps to fix error: “Couldn’t mount the database that you specified. Specified database: HU-DB; Error code: An Active Manager operation fail”
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question