Exchange 5.5 or 2000? OWA is very different between them and the ramifications are too.
I don't see much point in putting a front-end OWA server in the DMZ for either version, though. Just open port 443 to the Exchange OWA box inside your intranet, or, better, implement a VPN solution. Q1 and Q2 are answered in the Exchange 5.5 FAQ. Whether it is in the E2K FAQ is left as an exercise to the reader. Ed Crowley MCSE+Internet MVP Tech Consultant Compaq Computer Corporation (soon to be HP) All your base are belong to us. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Bob Lewinski Sent: Friday, October 19, 2001 1:56 PM To: Exchange Discussions Subject: OWA/Exchange Ports & Security – anyone? Could anyone tell me if the below can be considered as an acceptable approach to OWA implementation. 1. OWA/IIS resides in the DMZ 2. The only port that can get to it from the Internet is SSL/443 3. OWA/IIS can talk to the Exchange server on the internal network via two statically mapped ports for the IS & DS. Q1. Is there any other ports I will need for the OWA to communicate with Internal Exchange Server and why? Microsoft says that you need to have 135/TCP open (Q259240), but I red few things here on the Board that port 135 is a security threat – why? Q2 What ports do I need to open between the OWA/IIS on the DMZ and one of my DC's on the internal network. Again Microsoft calls for 135/TCP, 138/TCP and 137/UDP. Thanks Bob Lewinski _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]