Solved

Exchange 2010 internet facing security advice

Posted on 2011-09-29
3
171 Views
Last Modified: 2012-06-27
Gang, Im currently dealing with an environment that has exchange 2003 and exch 2010 co-existing. Since exchange 2010 does not advise placing CAS servers in the DMZ they just have a NAT for their CAS boxes to the outside allowing multiple protocols i.e. owa, autodiscover, pop, etc.
Now we are concerned with Security, as the NAT is not ideal? What would you suggest? The exchange edge role or ForeFront, or separate DMZ or? What is best practice with least intrusion ?
0
Comment
Question by:DEFclub
3 Comments
 
LVL 49

Accepted Solution

by:
Akhater earned 350 total points
ID: 36817978
NAT is not ideal I'd agree however it is not that bad either, your best option is to have a reverse proxy in the DMZ that would take care of the communication from internet  to the cas. like TMG for example
0
 
LVL 23

Assisted Solution

by:Malli Boppe
Malli Boppe earned 150 total points
ID: 36889946
I would go with the TMG
0
 

Author Closing Comment

by:DEFclub
ID: 36906879
k
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Find out what you should include to make the best professional email signature for your organization.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now