Zenith63
asked on
ISA server in Sonicwall DMZ help for OWA help
Hi there,
I've got a SonicWall Pro 2040 Enh. OS and here's what I'm trying to do -
I have a single Exchange 2007 server on the LAN. I want to connect a server to the DMZ port of my Sonicwall and mainly use it as an ISA reverse proxy for OWA access to the Exchange server. There are a few things I haven't dealt with before so I have some general questions -
1. Do I need two NICs in my server in the DMZ for ISA?
2. The server has to get a public IP right? If I have 8 public IPs with my ADSL connection at the moment can I divide this into two subnets and use one of these? Any way of avoiding this and just "allocating" one of the IPs from the WAN interface of the Sonicwall to save getting more IPs?
3. If I have this server with ISA on it doing reverse proxy for OWA to protect the Exchange server, does it make sense for the Sonicwall to forward incoming SMTP traffic to this ISA box and have it forward that onto the internal Exchange server?
That's it really. Besides knowing what a DMZ is and does I have no practical knowledge of it, and the same goes for ISA, so I'd appreciate reasonably detailed answers if possible.
Thanks!
I've got a SonicWall Pro 2040 Enh. OS and here's what I'm trying to do -
I have a single Exchange 2007 server on the LAN. I want to connect a server to the DMZ port of my Sonicwall and mainly use it as an ISA reverse proxy for OWA access to the Exchange server. There are a few things I haven't dealt with before so I have some general questions -
1. Do I need two NICs in my server in the DMZ for ISA?
2. The server has to get a public IP right? If I have 8 public IPs with my ADSL connection at the moment can I divide this into two subnets and use one of these? Any way of avoiding this and just "allocating" one of the IPs from the WAN interface of the Sonicwall to save getting more IPs?
3. If I have this server with ISA on it doing reverse proxy for OWA to protect the Exchange server, does it make sense for the Sonicwall to forward incoming SMTP traffic to this ISA box and have it forward that onto the internal Exchange server?
That's it really. Besides knowing what a DMZ is and does I have no practical knowledge of it, and the same goes for ISA, so I'd appreciate reasonably detailed answers if possible.
Thanks!
mikecr
Do you already have ISA Server? That's an awful lot of expense just to put in a reverse proxy for OWA. You're going to have some problems with it anyhow because you're going to need to install certificates on the ISA server so that you can do HTTPS reverse proxy back to the Exchange server. This becomes problematic. I'm not trying to talk you out of it but from the sounds of it your a novice at this and it will get way over your head quickly. Are you familiar with ISA server at all?
ASKER
There are reasons I have to isolate the LAN with a solution like this, and from reading about this seems to be the way to go but I'm open to suggestions.
I have never so much as looked at ISA, but I have a very in-depth knowledge of most other MS products out there and with firewalls in general so I'm confident I'll figure it out. I'm happy to learn, so I'm not too concerned if I have to spend a few days getting it right.
As I say I'm open to suggestions, but if you can give me some overall ideas of what I'm looking for I'll figure the rest out...==
I have never so much as looked at ISA, but I have a very in-depth knowledge of most other MS products out there and with firewalls in general so I'm confident I'll figure it out. I'm happy to learn, so I'm not too concerned if I have to spend a few days getting it right.
As I say I'm open to suggestions, but if you can give me some overall ideas of what I'm looking for I'll figure the rest out...==
First off, you need to get a certificate for your OWA server and proxy server to make this easier so that you can do HTTPS. Do you have OWA configured already? I'm not familiar enough with Exchange 2007 yet but I worked with ISA server quite a bit. Below are the instructions to configure Outlook Web Access publishing on ISA 2004.
http://www.microsoft.com/technet/isa/2004/plan/single_adapter.mspx
http://www.microsoft.com/technet/isa/2004/plan/single_adapter.mspx
ASKER
Thanks for that link, that looks like it is what I'm after!
Any ideas on the three questions I asked above?
Any ideas on the three questions I asked above?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.