Anyone running Exchange 2010 SP1 with 1:1 NAT public IP to the CAS array IP instead of TMG
We would like to migrate from Exchange 2003 to 2010 by doing the following configuration:
1:1 NAT public IP to the CAS array IP
2 servers - > with CAS (WNLB) and HUB configured
2 servers -> MBX with DAG
Anyone running something like the above scenario in a production env.? For the scenario above what is going to be the downside of not using a TMG server?
1:1 NAT public IP to the CAS array IP
2 servers - > with CAS (WNLB) and HUB configured
2 servers -> MBX with DAG
Anyone running something like the above scenario in a production env.? For the scenario above what is going to be the downside of not using a TMG server?
ASKER
Sulimanw,
I understand that over 6000$ per CPU per server (Enterprise in order to build an array) are going to give you a layer of security.
The question is besides relaxing the security what else am I going to lose? Any features?
Is anyone out there running his production env without TMG or ISA?
I understand that over 6000$ per CPU per server (Enterprise in order to build an array) are going to give you a layer of security.
The question is besides relaxing the security what else am I going to lose? Any features?
Is anyone out there running his production env without TMG or ISA?
I have a client running exchange with only windows firewall enabled - public IP is assigned in the exchange server itself-.
It is running since 5 years, nothing happened (no attacks), but no one can know when it will be attacked !
It is running since 5 years, nothing happened (no attacks), but no one can know when it will be attacked !
ASKER
Is this configuration supported by MS? It's my understanding that as long as your CAS server is not placed in the DMZ you the configuration is supported.
Yes it is supported, but not secured at all.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I forgot to add that yes the configuration is supported by MS
By publishing exchange services through TMG/ISA (reverse proxy), TMG filter the traffic and analyzing it then proceed it according to the setting configure on the publish rule. without TMG traffic goes directly to the exchange server which could be a kind of attack traffic.