al_ghamdi
asked on
DMZ for Exchange and IIS: how can I use them?
My network has a main domain controller with 1 network card.
I have an ISA server with 3 network cards:
LAN, WAN, DMZ
The Exchange and IIS servers both have 2 network cards:
LAN, DMZ
What is the best configuration for my Exchange and IIS servers with the DMZ, and what benefit will I get if I do so?
Are there any things I need to take care of when I configure the DMZ?
Regards
You will want to connect your Exchange and IIS machine to the DMZ segment of the network ONLY. You can then allow certain administrative access from the LAN to the DMZ machines in the ISA server. You'll also need to configure certain ports open from the DMZ to the DC on the LAN back through the ISA server for authentication, etc. Let me know if you need more detail on the ports and I will post.
ASKER
Hi,
Can I have more information about that?
meverest, you said: "If your dmz server is compromised, then your entire lan becomes open to attack."
I need more details, please.
Also, bsmith80:
Can I have more details on the best and highest security I can configure for my network?
Regards.
Having a server with both DMZ and LAN interfaces pretty much defeats the purpose of having a DMZ at all.
The idea of a DMZ is that not only is there a firewall between your server and the internet to protect the server against attacks, but the firewall is also between the server and your LAN, thus protecting your LAN against the DMZ server just in case the server is compromised.
Putting the DMZ servers direct to your LAN takes away the second benefit. If your DMZ server is compromised, then your entire LAN becomes open to attack.
Cheers.
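
An added illustration of the point made in the answer above, not part of the original thread: a short Python audit that flags servers with network cards in both the DMZ and the LAN, since those hosts give traffic a path around the firewall. The subnets, host names and inventory are constructed assumptions; the thread gives no addressing.

```python
import ipaddress

# Constructed sample addressing (assumption; the thread gives no subnets).
ZONES = {
    "LAN": [ipaddress.ip_network("10.0.0.0/24")],
    "DMZ": [ipaddress.ip_network("192.168.50.0/24")],
}

# Constructed inventory: host name -> addresses bound to its network cards.
INVENTORY = {
    "dc01": ["10.0.0.10"],                          # one card, LAN only
    "exchange01": ["10.0.0.20", "192.168.50.20"],   # layout from the question
    "iis01": ["192.168.50.30"],                     # DMZ only, as advised
    "isa01": ["10.0.0.1", "192.168.50.1", "203.0.113.1"],
}

# The firewall is the only host that is supposed to span zones.
FIREWALLS = {"isa01"}


def zones_of(addresses, zones=ZONES):
    """Return the set of zone names in which a host has an interface."""
    found = set()
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        for name, nets in zones.items():
            if any(ip in net for net in nets):
                found.add(name)
    return found


def bridging_hosts(inventory=INVENTORY, firewalls=FIREWALLS, zones=ZONES):
    """Return non-firewall hosts that have interfaces in both DMZ and LAN."""
    flagged = {}
    for host, addrs in inventory.items():
        if host in firewalls:
            continue
        present = zones_of(addrs, zones)
        if {"LAN", "DMZ"} <= present:
            flagged[host] = sorted(present)
    return flagged


if __name__ == "__main__":
    for host, present in bridging_hosts().items():
        print(f"{host}: interfaces in {', '.join(present)}; "
              "traffic can reach the LAN without crossing the firewall")
```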