Solved

Exchange 2010 DMZ query

Posted on 2012-03-20
Last Modified: 2012-03-21
Hi

I am planning to upgrade to Exchange 2010. I need some help understanding my options for configuring OWA and ActiveSync connections to come in securely from the Internet.

As I currently understand it, we can have a single server on the domain hosting the mailbox, hub and client access server roles.

If we want OWA and ActiveSync, we could publish port 443 out through the firewall; however, to be secure, this should be done with a system in the DMZ. I'm reading about the Edge Transport Role, Threat Management Gateway and Forefront Protection - which of these do I need?

I currently have a good anti-spam and anti-virus appliance in my DMZ which doesn't need replacing. I want to route the mail through this device.

What is the best way to route OWA and ActiveSync connections, leaving my existing anti-spam/AV appliance in place? I believe I need a reverse-proxy system so I'm not exposing my internal network to the internet directly. In this case, I think all I need is the Edge Transport Role... does this sound correct?
Question by:failed
Accepted Solution

by: kollenh
kollenh earned 400 total points
ID: 37743573
The Edge role is only for SMTP, not OWA or ActiveSync services. Basically an Edge server does what your appliance already does, so it sounds like you don't really need one.

Yes, you can publish 443 through the firewall and it will work; it's an accepted solution but probably not best practice, particularly when your mailboxes are hosted on the same server. The risk is slightly mitigated with split roles.

The other option is a proxy server such as ISA to be the intermediary so you're not exposing the Exchange server.

HTH
Assisted Solution

by:Michael Ian Claridge
Michael Ian Claridge earned 100 total points
ID: 37744004
Publish the OWA URL through TMG.
But note I am in agreement with the comments above; TMG is essentially x64 ISA.
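Added example (not part of the original thread, and not ISA or TMG code): a Python model of the decision a reverse-proxy publishing rule makes in front of the Client Access server, admitting only the OWA and ActiveSync virtual directories over HTTPS. The host name `mail.example.com` and the function names are assumptions; `/owa` and `/Microsoft-Server-ActiveSync` are the default Exchange 2010 virtual directory names.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Assumption: public name used for publishing (constructed for this example).
PUBLIC_HOST = "mail.example.com"
# Only the two services asked about are published; everything else is refused.
PUBLISHED_PATHS = ("/owa", "/microsoft-server-activesync")


def normalize_path(raw_path):
    """Decode the path once and collapse dot-segments.

    Returns None when the path changes on a second decode (double encoding)
    or contains a backslash or NUL, so the proxy refuses instead of guessing.
    """
    once = unquote(raw_path)
    if unquote(once) != once or "\\" in once or "\x00" in once:
        return None
    return posixpath.normpath(once)


def publishing_decision(url):
    """Return 'allow' or a 'deny: ...' reason for a request URL."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    if parts.scheme != "https" or port != 443:
        return "deny: not HTTPS on 443"
    if (parts.hostname or "").lower() != PUBLIC_HOST:
        return "deny: host not published"
    path = normalize_path(parts.path)
    if path is None:
        return "deny: path failed normalization"
    lowered = path.lower()  # IIS virtual directory names are case-insensitive
    for prefix in PUBLISHED_PATHS:
        if lowered == prefix or lowered.startswith(prefix + "/"):
            return "allow"
    return "deny: path not published"


if __name__ == "__main__":
    # Constructed sample requests.
    for sample in (
        "https://mail.example.com/owa/auth/logon.aspx",
        "https://mail.example.com/Microsoft-Server-ActiveSync?Cmd=Ping",
        "https://mail.example.com/ecp/default.aspx",
        "https://mail.example.com/owa/../ecp/default.aspx",
        "https://mail.example.com/owa/%252e%252e/ecp/",
        "http://mail.example.com/owa/",
    ):
        print(publishing_decision(sample), sample)
```

The allowlist is matched only after the path has been normalized, so a request that starts with `/owa` but resolves to another virtual directory is refused.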