Solved

Exchange/Outlook Web Access/IIS - secure DMZ setup on Watchguard 750e?

Posted on 2006-11-27
2
800 Views
Last Modified: 2010-08-05
Hi there,

I have been instructed to give secure OWA to our users and I wondered if it is possible to just install IIS on to a Server in the DMZ and then to have OWA requests 'through' that server to be forwarded to our Exchange server on the trusted internal LAN?

i.e. 2 physical boxes - one on trusted LAN and one sitting on DMZ.

Has anyone ever done this on a Watchguard Firebox 750e?

Thanks
0
Comment
Question by:ddh76
2 Comments
 
LVL 104

Accepted Solution

by:
Sembee earned 250 total points
ID: 18020595
How do you think putting an Exchange server in the DMZ will provide secure access to OWA?
Please tell me as no one has given me an answer that is acceptable to that question yet.

Putting a domain member in the DMZ is a very bad idea. The number of changes that you have to make to the firewall turns the firewall in to swiss cheese and basically takes away all the security.

There are two ways to provide access to OWA.

1. Simply open port 443 to the internet from your Exchange server. Put an SSL certificate on to the Exchange server.
2. Put an ISA server in the DMZ, that is not a member of the domain and publish OWA through the ISA.

Simon.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question