rparsons1000
asked on
UAG 2010 Placement
I am trying to understand the potential role of UAG 2010 in our environment. One thing we do want is Direct Access at some point but as it stands now our environment is:
Internet <-> Firewall <-> DMZ <-> Firewall <-> Internal Network
In the DMZ I have an Exchange 2007 CAS (OWA & ActiveSync) and 2 IIS web servers with software load balancing. There are also a few other servers for SIP telephony (3rd party) and such.
If I were to purchase UAG, would that eliminate the DMZ and all be accessed in the Internal Network? One of my frustrations is configuring all the ports to allow the DMZ servers access into the network for Active Directory and such. It is a ton of rules I'd like to not have to configure. I also understand having the Exchange CAS in my scenario is not a very good idea.
ASKER
So my current DMZ resources would move back into the internal network or would they stay where they are and UAG would handle all traffic between Firewall to DMZ and DMZ to Internal network?
ASKER CERTIFIED SOLUTION
ASKER
Thanks a lot. Your answers make a lot of sense and create a lot of network redesign thoughts...
Why?! This is unsupported and highly unrecommended!!
>>>One of my frustrations is configuring all the ports to allow the DMZ servers access into the network for Active Directory and such
Which is exactly why you shouldn't do the above!!
Essentially, yes, UAG is for providing access to internal resources; it's a VPN and reverse proxy. It also supports DirectAccess, which is integrated into Windows 7.