Ed, I'm a little confused. You're recommending that I put in a front end server, but not in the DMZ? It seems to me that I might have to open a bunch of ports, but if the front end server is in the LAN, all ports are by default open.
Just to clarify, I have one Exchange server which lives on my LAN, and there is an SMTP server in my DMZ that relays messages to the Exchange server. At the moment, I don't have any other Exchange servers running. Thanks, Erick > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Ed Crowley > Sent: Tuesday, September 16, 2003 4:25 PM > To: Exchange Discussions > Subject: Re: OWA front end server - licensing and security > > > Instal a certificate on the front-end server and open > port 443 to the front-end server. Putting a front-end > server in a DMZ requires you to open lots of dangerous > ports through the internal firewall to the Exchange > servers, DCs and GCs. > > Ed > > --- Erick Thompson <[EMAIL PROTECTED]> wrote: > > I'm setting up OWA in my organization, and I have > > two choices. I can set up Exchange on the web server > > (in the DMZ), and specify it as a front end server, > > or I can open port 80 to the primary Exchange > > server. From a security standpoint, I really like > > the first option, but I'm thinking that I need a > > second Exchange Enterprise license. Am I correct in > > this? > > > > Am I being too paranoid about opening port 80 > > through to the internal Exchange server? I've never > > liked the idea of raw traffic entering my LAN.... > > > > Thanks, > > Erick > > > > > _________________________________________________________________ > > List posting FAQ: > > http://www.swinc.com/resource/exch_faq.htm > > Web Interface: > > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t ext_mode=&lang=english > To unsubscribe: > mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]