Exchange 2010 DMZ query
Posted on 2012-03-20
I am planning to upgrade to Exchange 2010. I need some help understanding my options for configuring OWA and ActiveSync connections to come in securely from the Internet.
As I currently understand it, we can have a single server on the domain hosting the mailbox, hub and client access server roles.
If we want OWA and ActiveSync, we could publish port 443 out through the firewall; however, to be secure, this should be done with a system in the DMZ. I'm reading about the Edge Transport Role, Threat Management Gateway and Forefront Protection - which of these do I need?
I currently have a good anti-spam and anti-virus appliance in my DMZ which doesn't need replacing. I want to route the mail through this device.
What is the best way to route OWA and ActiveSync connections, leaving my existing anti-spam/AV appliance in place? I believe I need a reverse-proxy system so I'm not exposing my internal network to the Internet directly. In this case, I think all I need is the Edge Transport Role... does this sound correct?