You could simply port-forward port 443 to your front-end server on the local network, and configure the OWA site to use SSL. Some would consider this OK, others would consider it insecure.
Microsoft recommends (at least when we were looking at this last year) using a stand-alone ISA server in a DMZ to do reverse-proxy to the FE server. At least one person on the list uses Squid on BSD (or maybe linux) to do the reverse-proxy. We use a Network Appliance NetCache to do the reverse proxy and SSL acceleration (the SSL stuff is handled by the NetCache) Note that using an SSL accelerator for OWA (at least in E2K) requires a special OWA DLL from Microsoft. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, April 28, 2004 7:57 PM To: Exchange Discussions Subject: RE: OWA 2003 - Questions Thanks for all of the input. But I have to ask, if putting the OWA front-end in the DMZ is a bad idea, what would you recommend instead? Just forwarding ports to the FE server on the local network or other (sorry, I'm a bit of a n00b when it comes to network security.. and by a bit, i mean a lot). Is there any online documentation that details alternatives to putting the FE in DMZ? Thanks again for all of your help, Luke -----Original Message----- That's putting it politely. I think it's a lousy idea. Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fyodorov, Andrey FTL Sent: Tuesday, April 27, 2004 6:34 AM To: Exchange Discussions Subject: RE: OWA 2003 - Questions We have recently had a lot of discussions regarding the Exchange front-end placement in a DMZ and I think most people agreed that it would not be the greatest idea. To make an Exchange server a front-end, yes just check the "this server is a front-end" box. Also I used to follow Microsoft's Exchange Hosting whitepapers on FE/BE configuration and created additional HTTP virtual servers on the back-end that would represent the front-end servers. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, April 26, 2004 7:43 PM To: Exchange Discussions Subject: OWA 2003 - Questions Hi, Just a couple of questions in relation to OWA 2003. We are in the process of migrating a network from exch. 5.5 to 2003. We have an 2003 and 5.5 server running in the same site, AD connector installed, etc.. 1. To setup an OWA2003 server (as a front end only, with no mailbox storage) on the network to put in a DMZ, do we simply install Exchange 2003 with only the OWA components selected, then use the Exchange Admin to set that server as a 'front end server'? (in addition to having the right ports, etc.. setup on the firewall for traffic communication between the OWA and 2003 servers). 2. Since the site contains a 5.5 and 2003 server, will the OWA2003 server be able to provide access to 5.5 mailboxes? The impression I get from reading the web suggests that it wont. If you have any links to specific articles with detail on how this should be setup, they would be great as well.. Thanks, Luke Cassar _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english To unsubscribe send a blank email to %%email.unsub%% Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
