• Status: Solved

Exchange Preparation Edge Transport Server

Hi Everyone,

I am in the midst of an Exchange 2010 upgrade; we are going to be running Exchange in a VMware vSphere 4 environment. Our organization has about 60 employees and we want to use OWA, as well as Outlook Anywhere.

We like to know our information is secure, which is why I want to use Edge Transport Server. However, we only really have one firewall appliance; it is a Cisco ASA 5510. What I would like to know is this: the literature recommends a perimeter network for the Edge Server, and it then talks to the Hub Transport server through another firewall, initiating a secure LDAP connection.

Do I need two firewall appliances to do this? Or can I just port forward SMTP traffic to the Edge Transport server if I use a different port on the ASA plugged directly into the Edge Server? And have all other traffic go in and out of another port on an internal network?

For example, if I have Eth 0/0 on a 10 network, internally can I have all internet traffic but SMTP (25) forwarded internally? Then on Eth 0/1 have a 172 network for just SMTP port 25 traffic to be sent to; in turn, Eth 0/1 would be plugged directly into the Edge Server.

Then the plan, because we are smaller, would be to have the CAS, HUB on one server and the MBOX Data on another. Please correct me if I am wrong or something doesn't sound right, as this is my first Exchange implementation on this scale.
Asked by: DMayo
 
Glen Knight Commented:
I personally wouldn't bother with the Edge Transport Server. This is designed to be placed in a DMZ.

Set up your Hub & CAS server and forward ports 25 and 443 to it from your firewall; that should be more than sufficient.
 
Akhater Commented:
The purpose of the Edge is to act as an SMTP gateway and filter emails for virus/spam etc., so if, when you say "We like to know our information is secure", you are talking about encryption, the Edge won't add anything for you here.

OWA and RPC/HTTP work on HTTPS, so the information will be encrypted; nothing to worry about here.

If you still want to use Edge as a mail filter and you don't have the possibility to do a DMZ, Edge can still be inside your network; no issues here either.
 
DMayo (Author) Commented:
Yes, when I say secure, I understand there is no encryption added; however, I like the double layer of spam/virus protection if I then install ForeFront.

I will take it into consideration not to use it at all if people don't really bother with it. However, just for my knowledge, when you say "DMZ": when I think of a DMZ, I think of something that is not firewall protected and right accessible on the internet. Is that what you are suggesting, to not even put it behind a firewall? Or are you just assuming DMZ is my perimeter network that is less secure than my internal network?

I do plan to use this as a Smart Host if I am going to do it; however, I am just curious: do you mean something like this?
exhcnage.jpg
 
Akhater Commented:
My idea was to put it on the internal side of your firewall in your LAN rather than outside.

Putting it outside is a bad idea.
 
Glen Knight Commented:
DMZ is your perimeter network.

I have to be honest, for 60 users and the cost of an additional Exchange license I still wouldn't be using an Edge Transport server.

Invest in a product like Vamsoft http://www.vamsoft.com and install it on your HT server.
 
Akhater Commented:
Alternatively, you can enable the anti-spam agent on your Hub Transport server.
 
Glen Knight Commented:
That's another option :)
 
DMayo (Author) Commented:
I agree, we cannot really afford another Exchange Server License. I appreciate both your help.
 
DMayo (Author) Commented:
Thank you for your quick response.
Question has a verified solution.