
Putting an Exchange 2003 server in a DMZ zone

Last Modified: 2010-04-11
I have a server running Server 2003 and Exchange 2003. What I would like to do is add a NIC card to the server and have the incoming mail delivered to the 2nd NIC that is off of my internal network. I have a PIX 515 and I will put this NIC in a DMZ zone. The box has an internal address of 172.20.1.x. I haven't decided what address I will give the 2nd NIC yet. Can I make it a totally different network address?

My question is this...
What config changes need to be performed on the Exchange server in order to make this work?

Brian Pierce, Photographer

Commented:
Yep - you can - indeed it is best if you do. If you are planning such a set-up you might want to consider putting an Exchange front-end server in the DMZ and keep the mailboxes secure within your main network. See

http://www.microsoft.com/technet/prodtechnol/exchange/2000/library/frontbak.mspx

Donnie4572, IT Manager

Commented:
There is absolutely nothing gained by putting Exchange in the DMZ. Actually, there is much to lose with this configuration. For example, you will need to open many ports in the firewall, causing a security risk.

There is no reason under any circumstance to put any member of the inside domain in the DMZ, especially Exchange.

Put the Exchange front end or back end on your inside network, open ports 443 and 25 only to Exchange, and verify that Exchange is configured properly to prevent relay. That is as secure as it gets.

Donnie
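The "open port 443 and 25 only" advice above can be checked against a firewall configuration. The following is an added example, not part of the original thread: a Python audit of PIX-style `access-list` lines that flags any permit rule reaching the mail server beyond TCP 25/443. The ACL name `outside_in`, the address 192.0.2.10 and the sample rules are constructed, and the parser assumes rules carry no source-port operator.

```python
import ipaddress

# Port names as the PIX CLI prints them (subset; extend as needed).
PORT_NAMES = {"smtp": 25, "https": 443, "www": 80, "pop3": 110, "imap4": 143, "ldap": 389}

def _addr(tok):
    """Consume 'any', 'host A' or 'A MASK'; return (network, remaining tokens)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1]), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}", strict=False), tok[2:]

def _ports(tok):
    """Destination ports a rule allows, or None when no port operator limits it."""
    # Unknown port names map to -1 so they are always reported.
    num = lambda p: PORT_NAMES.get(p, int(p) if p.isdigit() else -1)
    if len(tok) >= 2 and tok[0] == "eq":
        return {num(tok[1])}
    if len(tok) >= 3 and tok[0] == "range":
        return set(range(num(tok[1]), num(tok[2]) + 1))
    return None

def audit_acl(config, mail_host, allowed=frozenset({25, 443})):
    """Return (rule, reason) for permit rules reaching mail_host beyond the allowed TCP ports."""
    host, findings = ipaddress.ip_address(mail_host), []
    for line in config.splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list" or t[2] != "permit":
            continue
        _src, rest = _addr(t[4:])          # assumption: no source-port operator
        dst, rest = _addr(rest)
        if host not in dst:                # rule does not cover the mail server
            continue
        ports = _ports(rest)
        if t[3] != "tcp":
            findings.append((line.strip(), f"protocol {t[3]} permitted"))
        elif ports is None:
            findings.append((line.strip(), "tcp with no port restriction"))
        elif ports - allowed:
            findings.append((line.strip(), f"{len(ports - allowed)} tcp port(s) outside the allowed set"))
    return findings

# Constructed sample; 192.0.2.10 stands in for the Exchange server's address in the ACL.
SAMPLE = """\
access-list outside_in permit tcp any host 192.0.2.10 eq smtp
access-list outside_in permit tcp any host 192.0.2.10 eq 443
access-list outside_in permit tcp any host 192.0.2.10 eq 135
access-list outside_in permit tcp any host 192.0.2.10 range 1024 65535
access-list outside_in permit tcp any host 192.0.2.20 eq www
access-list outside_in deny ip any any
"""
```

Calling `audit_acl(SAMPLE, "192.0.2.10")` reports the `eq 135` and `range 1024 65535` rules, the kind of extra openings a domain member in the DMZ tends to require.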


Kevin Hays, IT Analyst

Commented:
Putting Exchange in the DMZ is a very bad idea. You just have to open up way too many ports on the firewall, thus making it basically useless at that point.

If you really want to increase security then put another server in the DMZ to act as the relay server. Besides, I don't think any member server should be in the DMZ.