I have a single Exchange 2010 server which has all roles (except edge obviously) installed. I know that the best way to secure my OWA & ActiveSync for internet clients is to create a second CAS server and setup the appropriate firewall rules (port 80 and 443 for OWA, what ports are needed for ActiveSync?) and point it to it.
My question is this...
Are there security concerns by having everything on the same server and only opening up the ports for OWA and ActiveSync that are needed?
If yes, will this work if I have a Linux proxy server in front of it to forward the ports for Active Sync and OWA?