WE're using Squid on OpenBSD to reverse proxy/SSL accelerate. What specific functionality is required from MS for this to work? Its working fine in Exchange 5.5 OWA and I'm working on rolling E2k3 now.
Only thing I can think of is the ability to change passwords over that connection. -------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -----Original Message----- > From: Ken Cornetet [mailto:[EMAIL PROTECTED] > Sent: Thursday, April 29, 2004 9:54 AM > To: Exchange Discussions > Subject: RE: OWA 2003 - Questions > > You could simply port-forward port 443 to your front-end server on the > local network, and configure the OWA site to use SSL. Some would > consider this OK, others would consider it insecure. > > Microsoft recommends (at least when we were looking at this last year) > using a stand-alone ISA server in a DMZ to do reverse-proxy to the FE > server. > > At least one person on the list uses Squid on BSD (or maybe > linux) to do > the reverse-proxy. > > We use a Network Appliance NetCache to do the reverse proxy and SSL > acceleration (the SSL stuff is handled by the NetCache) Note > that using > an SSL accelerator for OWA (at least in E2K) requires a > special OWA DLL > from Microsoft. > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > Sent: Wednesday, April 28, 2004 7:57 PM > To: Exchange Discussions > Subject: RE: OWA 2003 - Questions > > > Thanks for all of the input. > But I have to ask, if putting the OWA front-end in the DMZ is a bad > idea, what would you recommend instead? Just forwarding ports > to the FE > server on the local network or other (sorry, I'm a bit of a > n00b when it > comes to network security.. and by a bit, i mean a lot). > > Is there any online documentation that details alternatives to putting > the FE in DMZ? > > Thanks again for all of your help, > > Luke > > > -----Original Message----- > > That's putting it politely. I think it's a lousy idea. > > Ed Crowley MCSE+Internet MVP > Freelance E-Mail Philosopher > Protecting the world from PSTs and Bricked Backups!T > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Fyodorov, Andrey FTL > Sent: Tuesday, April 27, 2004 6:34 AM > To: Exchange Discussions > Subject: RE: OWA 2003 - Questions > > We have recently had a lot of discussions regarding the Exchange > front-end placement in a DMZ and I think most people agreed that it > would not be the greatest idea. > > To make an Exchange server a front-end, yes just check the > "this server > is a front-end" box. Also I used to follow Microsoft's > Exchange Hosting > whitepapers on FE/BE configuration and created additional HTTP virtual > servers on the back-end that would represent the front-end servers. > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > Sent: Monday, April 26, 2004 7:43 PM > To: Exchange Discussions > Subject: OWA 2003 - Questions > > > Hi, > Just a couple of questions in relation to OWA 2003. > > We are in the process of migrating a network from exch. 5.5 > to 2003. We > have an 2003 and 5.5 server running in the same site, AD connector > installed, etc.. > > 1. To setup an OWA2003 server (as a front end only, with no mailbox > storage) on the network to put in a DMZ, do we simply install Exchange > 2003 with only the OWA components selected, then use the > Exchange Admin > to set that server as a 'front end server'? (in addition to having the > right ports, etc.. setup on the firewall for traffic communication > between the OWA and 2003 servers). > > 2. Since the site contains a 5.5 and 2003 server, will the OWA2003 > server be able to provide access to 5.5 mailboxes? The > impression I get > from reading the web suggests that it wont. > > If you have any links to specific articles with detail on how this > should be setup, they would be great as well.. > > Thanks, > Luke Cassar > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > ext_mode=& > lang=english > To unsubscribe send a blank email to > %%email.unsub%% > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t ext_mode=&lang=english > To unsubscribe send a blank email to > %%email.unsub%% > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
