• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 180
  • Last Modified:

Exchange 2010 internet facing security advice

Gang, Im currently dealing with an environment that has exchange 2003 and exch 2010 co-existing. Since exchange 2010 does not advise placing CAS servers in the DMZ they just have a NAT for their CAS boxes to the outside allowing multiple protocols i.e. owa, autodiscover, pop, etc.
Now we are concerned with Security, as the NAT is not ideal? What would you suggest? The exchange edge role or ForeFront, or separate DMZ or? What is best practice with least intrusion ?
0
DEFclub
Asked:
DEFclub
2 Solutions
 
AkhaterCommented:
NAT is not ideal I'd agree however it is not that bad either, your best option is to have a reverse proxy in the DMZ that would take care of the communication from internet  to the cas. like TMG for example
0
 
Malli BoppeCommented:
I would go with the TMG
0
 
DEFclubAuthor Commented:
k
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now