What about monitoring of those servers in the DMZ? Do you use PerfMon to check queues or critical processes? If so, what ports are needed there if your monitoring workstation is on the other side of the DMZ? Or do you simply use some kind of paging system when it reaches a threshold?
Nate Couch EDS Messaging > ---------- > From: Atkinson, Daniel > Reply To: [EMAIL PROTECTED] > Sent: Wednesday, December 12, 2001 06:42 > To: [EMAIL PROTECTED] > Subject: RE: firewall problem > > > thanks for the information.... > > > -----Original Message----- > > From: Olds, Dominic [mailto:[EMAIL PROTECTED]] > > Sent: 12 December 2001 11:55 > > To: Exchange Discussions > > Subject: RE: firewall problem > > > > > > Any open port is a potential security risk. This risk > > increases with the > > amount you "open up" on your firewall. Personally, I would > > only ever allow > > SMTP traffic to an (relay protected) exchange box inside a firewall. > > Anything else and I would relay from a box sitting in the DMZ > > (for smtp, OWA > > etc etc) thus meaning I only have to allow the RPC and stuff > > for exchange > > between 2 specifically defined boxes from the DMZ to the > > internal network. > > It will make your life easier if you open these ports right?? > > So it follows > > that a hacker's life becomes easier too. If you choose the > > lazy route you > > are likely to pay for it in other ways. > > > > Regards > > > > Dom. > > > > -----Original Message----- > > From: Atkinson, Daniel [mailto:[EMAIL PROTECTED]] > > Sent: 12 December 2001 11:46 > > To: Exchange Discussions > > Subject: RE: firewall problem > > > > > > i'd like to open our exchange server through the firewall, but my boss > > thinks this is a 'massive security risk'. i think if i open it just to > > specified hosts, then that would be ok. what does anyone else think? > > > > dan. > > > > > -----Original Message----- > > > From: Watkins V [mailto:[EMAIL PROTECTED]] > > > Sent: 12 December 2001 11:16 > > > To: Exchange Discussions > > > Subject: firewall problem > > > > > > > > > Dear all, > > > > > > I have several exchange servers which work fine through a > > > firewall except > > > one, using the TechNet recommended ports for DS and IS of > > > 1300 and 1301 > > > respectively. The one that doesn't work is one which is > > > running Win2K. The > > > others run NT4. I have set the ports to 1300 and 1301 in the > > > registry as > > > usual, but the server is ignoring this fact. It is just > > > using random ports > > > and so I am having to change the firewall ports instead!!! > > > The ports it > > > uses change after every reboot, so obviously, this is troublesome. > > > Anyone have a fix for this? > > > We are using Exchange 5.5 sp4 > > > > > > thanks > > > Vanessa Watkins > > > Network Manager > > > Royal Holloway > > > > > > _________________________________________________________________ > > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > > Archives: http://www.swynk.com/sitesearch/search.asp > > > To unsubscribe: mailto:[EMAIL PROTECTED] > > > Exchange List admin: [EMAIL PROTECTED] > > > > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
