Put my Exchange 2007 in a DMZ

Posted on 2010-03-23
Medium Priority
Last Modified: 2012-05-09

I'd like to know what you think about put an exchange server in a DMZ.  I have read that putting Exchange in a DMZ is one of the most hotly debated subjects in the Exchange community.  Nowadays, my exchange works perfectly in my internal network and I use ISA Server to protect it.  What do you suggest about it?

Question by:anovaes
LVL 20

Assisted Solution

by:Rick Fee
Rick Fee earned 400 total points
ID: 28380572
Don't....there is no need to place a Exchange server in the DMZ...the only thing you would be doing is adding a complex setup with NO security benefit.
LVL 20

Assisted Solution

by:Satya Pathak
Satya Pathak earned 200 total points
ID: 28381085
LVL 49

Assisted Solution

Akhater earned 400 total points
ID: 28381362
Exchange should not be in a DMZ there is nothing to debate here,

if you put it in your dmz you will have so many ports to open that it won't  be a DMZ anymore.

moreover with ISA in place a DMZ is a complete loss of money, you have everything to protect your exchange server. just keep it where it is
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

LVL 58

Accepted Solution

tigermatt earned 1000 total points
ID: 28385300

>> my exchange works perfectly in my internal network and I use ISA Server to protect it

For a Mailbox, Hub Transport or Client Access Server, the Internal Network is where it should be. Placing any Exchange Server in the DMZ will make your firewall rules look like swiss cheese - security holes everywhere.

If you want perimeter protection, the Exchange 2007/2010 Edge Transport role is the only type of Exchange machine designed to be placed in the DMZ. It is not directly connected with Active Directory or Exchange; there are mechanisms to sync the two, so the security issues are minimised.

I wrote an article here at EE with more information on Exchange Servers and DMZs: http://www.experts-exchange.com/articles/Software/Server_Software/Email_Servers/Exchange/Why-you-shouldn't-put-an-Exchange-Server-in-the-DMZ.html.


Author Comment

ID: 28394334
I think I got a little bit confused because I have found many articles about this subject and I could see that SMTP Servers are located in DMZ.  Now I'm convinced that Exchange Server should be in my internal network.  Now, I will just create a DMZ to put my external DNS.  Thanks a lot.
LVL 49

Expert Comment

ID: 28395062
glad we were able to clarify it

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes Top 9 Exchange troubleshooting utilities that every Exchange Administrator should know. Most of the utilities are available free of cost. List of tools that I am going to explain in this article are:   Microsoft Remote Con…
Upgrading from older Exchange server to the latest Exchange server can be tiresome, error-prone and risky, without being a seasoned exchange server administrators. It can become even problematic if you're an organization that runs on tight timeline…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

599 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question