joewy1


Putting an Exchange 2003 server in a DMZ zone

I have a server running Server 2003 and Exchange 2003. What I would like to do is add a NIC card to the server and have the incoming mail delivered to the 2nd NIC that is off of my internal network. I have a PIX 515 that I will put this NIC in a DMZ zone. The box has an internal address of 172.20.1.x. I haven't decided what address that I will give the 2nd NIC yet. Can I make it a totally different network address?

My question is this: what config changes need to be performed on the Exchange server in order to make this work?
poweruser32

Brian Pierce
Yep - you can - indeed it is best if you do. If you are planning such a set-up you might want to consider putting an Exchange front-end server in the DMZ and keeping the mailboxes secure within your main network. See

http://www.microsoft.com/technet/prodtechnol/exchange/2000/library/frontbak.mspx

There is absolutely nothing gained by putting Exchange in the DMZ. Actually, there is much to lose with this configuration. For example, you will need to open many ports in the firewall, causing a security risk.

There is no reason under any circumstance to put any member of the inside domain in the DMZ, especially Exchange.

Put Exchange front end or back end on your inside network and open ports 443 and 25 only to Exchange, and verify that Exchange is configured properly to prevent relay. That is as secure as it gets.

Donnie


Putting Exchange in the DMZ is a very bad idea. You just have to open up way too many ports on the firewall, thus making it basically useless at that point.

If you really want to increase security then put another server in the DMZ to act as the relay server. Besides, I don't think any member server should be in the DMZ.
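
An added example, not part of the original thread: a small Python check that reads PIX-style `access-list` lines and flags every `permit` entry that reaches the Exchange host on anything other than TCP 25 or 443, which is the rule set the answers above recommend. The ACL name, the 192.0.2.x addresses and the rules are constructed sample data, and the parser assumes no source-port operators are used.

```python
# Cisco port keywords the audit understands; numeric ports always work.
PORT_NAMES = {"smtp": 25, "https": 443, "www": 80, "pop3": 110, "ldap": 389}

# Constructed sample ACL (documentation addresses, not from the thread).
SAMPLE = """\
access-list outside_in permit tcp any host 192.0.2.10 eq smtp
access-list outside_in permit tcp any host 192.0.2.10 eq https
access-list outside_in permit tcp any host 192.0.2.10 eq 135
access-list outside_in permit tcp any host 192.0.2.10 range 1024 65535
access-list outside_in permit udp any host 192.0.2.10 eq 389
access-list outside_in permit tcp any host 192.0.2.20 eq www
access-list outside_in deny ip any any
"""

def take_addr(tok):
    """Consume one address spec and return (spec, remaining tokens)."""
    if tok[0] == "any":
        return "any", tok[1:]
    if tok[0] == "host":
        return tok[1], tok[2:]
    return f"{tok[0]}/{tok[1]}", tok[2:]      # network + mask form

def dest_ports(tok):
    """Destination ports a rule covers; None means every port."""
    num = lambda p: PORT_NAMES.get(p) or int(p)
    if tok and tok[0] == "eq":
        return {num(tok[1])}
    if tok and tok[0] == "range":
        return set(range(num(tok[1]), num(tok[2]) + 1))
    return None   # no operator, or lt/gt/neq: treat as all ports (conservative)

def audit_acl(config, server_ip, allowed=frozenset({25, 443})):
    """Return permit lines exposing server_ip beyond the allowed TCP ports."""
    findings = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[2] != "permit":
            continue
        _src, rest = take_addr(tok[4:])
        dst, rest = take_addr(rest)
        if dst not in (server_ip, "any"):
            continue                          # rule does not reach the server
        ports = dest_ports(rest)
        if tok[3] != "tcp" or ports is None or not ports <= allowed:
            findings.append(line.strip())
    return findings

if __name__ == "__main__":
    for hit in audit_acl(SAMPLE, "192.0.2.10"):
        print("REVIEW:", hit)
```

On the sample it reports the RPC endpoint mapper rule, the high-port range and the UDP 389 rule, the kind of extra openings a domain member in the DMZ tends to require.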