Configuration of OWA

minniejp
OWA Configuration:
I am trying to configure OWA and wanted to know if the below is a security risk on the firewall:
I have a public IP address which users will use to access OWA, therefore on the firewall I will have the following configuration:

access-list incoming 10 permit tcp any host (public_IP) eq https (this is set on the outside interface)
NEXT:
static (inside, outside) (Public_IP) (Exchange IP) MASK

Thanks
Commented:
Hi there

In terms of actual security risk - it is quite minimal, as you are only allowing HTTPS through to the translated box. On a broader scale, any security risk is a risk - all you can do is make things as secure as you can and where your budget allows. A smaller organisation might have, for instance, a PIX506E running with an inside, outside translation for OWA. A larger or enterprise organisation would most likely use a DMZ for OWA - meaning that you are allowing HTTPS through to the DMZ - then from there the OWA box communicates with the LAN via SMTP (for mail), LDAP, 2003, etc. for authentication to a DC. It is minimising the risk again by allowing only certain ports through to the LAN should a DMZ box be compromised.

Hope this helps
Also, because you are allowing Domain Users to authenticate on a public address, you should have a good internal security policy in place regarding logins and password length and complexity.
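
The DMZ layout described in the comment above, sketched as an added example in PIX 6.x syntax (not part of the original thread). The interface name dmz, the ACL names and every address are constructed placeholders, and only HTTPS inbound plus the SMTP and LDAP flows named in the comment are shown.

```cisco
: Added example - constructed addresses: 203.0.113.10 public, 192.168.50.10 OWA (DMZ),
: 10.0.0.20 Exchange, 10.0.0.5 DC. The interface name "dmz" is an assumption.
:
: Outside -> DMZ: publish the OWA box, HTTPS only.
static (dmz,outside) 203.0.113.10 192.168.50.10 netmask 255.255.255.255
access-list acl_outside permit tcp any host 203.0.113.10 eq https
access-group acl_outside in interface outside
:
: DMZ -> inside: expose only the two internal hosts OWA must reach (identity statics).
static (inside,dmz) 10.0.0.20 10.0.0.20 netmask 255.255.255.255
static (inside,dmz) 10.0.0.5 10.0.0.5 netmask 255.255.255.255
:
: Only the OWA host, only to those two hosts, only on the named ports.
access-list acl_dmz permit tcp host 192.168.50.10 host 10.0.0.20 eq smtp
access-list acl_dmz permit tcp host 192.168.50.10 host 10.0.0.5 eq ldap
access-list acl_dmz deny ip any any
access-group acl_dmz in interface dmz
```

With this layout a compromised OWA box can open connections only to the two listed internal hosts on the two listed ports, instead of sitting on the LAN as it does with the inside/outside static in the question.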
