Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Exchange 2010 DMZ query

Posted on 2012-03-20
2
Medium Priority
?
1,038 Views
Last Modified: 2012-03-21
Hi

I am planning to upgrade to Exchange 2010. I need some help understanding my options for configuring OWA and Active sync connections to come in securely from the Internet.

As I currently understand it, we can have a single server on the domain hosting the mailbox, hub and client access server roles.

If we want OWA and Activesync, we could publish port 443 out through the firewall, however to be secure, this should be done with a system in the DMZ. I'm reading about the Edge Transport Role, Threat Management Gateway and Forefront Protection - which of these do I need?

I currently have a good anti-spam and anti-virus appliance in my DMZ which doesn't need replacing. I want to route the mail through this device.

What is the best way to route OWA and Activesync connections leaving my existing anti-spam/AV appliance in place? I believe I need a reverse-proxy system so I'm not exposing my internal network to the internet directly. In this case, I think all I need is the Edge Transport Role...does this sound correct?
0
Comment
Question by:failed
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 5

Accepted Solution

by:
kollenh earned 1600 total points
ID: 37743573
The Edge role is only for SMTP, not OWA or Activesync services.  Basically an Edge server does what your appliance already does so it sounds like you don't really need one.

Yes, you can publish 443 through the firewall and it will work; it's an accepted solution but probably not best practice, particularly when you're mailboxes are hosted on the same server.  The risk is slightly mitigated with split roles.

The other option is a proxy server such as ISA to be the intermediary so you're not exposing the Exchange server.

HTH
0
 
LVL 10

Assisted Solution

by:Michael Ian Claridge
Michael Ian Claridge earned 400 total points
ID: 37744004
Publish the OWA URL through TMG.
But note I am in agreement with the comments above, TMG is essentially x64 ISA.
0

Featured Post

Tech or Treat!

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you an Exchange administrator employed with an organization? And, have you encountered a corrupt Exchange database due to which you are not able to open its EDB file. This article will explain all the steps to repair corrupt Exchange database.
The main intent of this article is to make you aware of ‘Exchange fail to mount’ error, its effects, causes, and solution.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question