Solved

Anyone running Exchange 2010 SP1 with 1:1 NAT public IP to the CAS array IP instead of TMG

Posted on 2011-10-09
Last Modified: 2012-05-12
We would like to migrate from Exchange 2003 to 2010 by doing the following configuration:
 
1:1 NAT public IP to the CAS array IP
 
2 servers -> with CAS (WNLB) and HUB configured
 
2 servers -> MBX with DAG
 
Anyone running something like the above scenario in a production env.? For the scenario above what is going to be the downside of not using a TMG server?


Question by:llarava
7 Comments
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36939361
TMG provides Exchange with application filters for SMTP/HTTP/S. Without TMG, the security level is lower for sure.

By publishing Exchange services through TMG/ISA (reverse proxy), TMG filters the traffic and analyzes it, then processes it according to the settings configured on the publish rule. Without TMG, traffic, which could be a kind of attack traffic, goes directly to the Exchange server.
0
 

Author Comment

by:llarava
ID: 36939416
Sulimanw,

I understand that over 6000$ per CPU per server (Enterprise in order to build an array) is going to give you a layer of security.

The question is besides relaxing the security what else am I going to lose? Any features?  

Is anyone out there running his production env without TMG or ISA?

0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36939434
I have a client running Exchange with only Windows Firewall enabled (the public IP is assigned on the Exchange server itself).

It has been running for 5 years and nothing has happened (no attacks), but no one can know when it will be attacked!
0

 

Author Comment

by:llarava
ID: 36939439
Is this configuration supported by MS? It's my understanding that as long as your CAS server is not placed in the DMZ, the configuration is supported.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36939443
Yes, it is supported, but not secured at all.
0
 
LVL 49

Accepted Solution

by:
Akhater earned 2000 total points
ID: 36939467
Although not the ideal scenario, your setup would be good enough for most companies.

From a security perspective, a TMG would have your connections terminated on the proxy servers and not on the Exchange server, which is a great security enhancement, but opening port 443 from the Internet to an internal server is not that much of a big deal unless you have very tight security policies.

If you are a "simple" company, then there is nothing wrong at all with doing this.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 36939468
I forgot to add that yes, the configuration is supported by MS.
0
