That's exactly what I'm saying. Get the publications and read what ports you must open and if that doesn't scare you, nothing will. Open only port 443 for SSL OWA, and only if you can't require a VPN.
Ed --- Erick Thompson <[EMAIL PROTECTED]> wrote: > Ed, > > I'm a little confused. You're recommending that I > put in a front end server, but not in the DMZ? It > seems to me that I might have to open a bunch of > ports, but if the front end server is in the LAN, > all ports are by default open. > > Just to clarify, I have one Exchange server which > lives on my LAN, and there is an SMTP server in my > DMZ that relays messages to the Exchange server. At > the moment, I don't have any other Exchange servers > running. > > Thanks, > Erick > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] > Behalf Of Ed Crowley > > Sent: Tuesday, September 16, 2003 4:25 PM > > To: Exchange Discussions > > Subject: Re: OWA front end server - licensing and > security > > > > > > Instal a certificate on the front-end server and > open > > port 443 to the front-end server. Putting a > front-end > > server in a DMZ requires you to open lots of > dangerous > > ports through the internal firewall to the > Exchange > > servers, DCs and GCs. > > > > Ed > > > > --- Erick Thompson <[EMAIL PROTECTED]> wrote: > > > I'm setting up OWA in my organization, and I > have > > > two choices. I can set up Exchange on the web > server > > > (in the DMZ), and specify it as a front end > server, > > > or I can open port 80 to the primary Exchange > > > server. From a security standpoint, I really > like > > > the first option, but I'm thinking that I need a > > > second Exchange Enterprise license. Am I correct > in > > > this? > > > > > > Am I being too paranoid about opening port 80 > > > through to the internal Exchange server? I've > never > > > liked the idea of raw traffic entering my > LAN.... > > > > > > Thanks, > > > Erick > > > > > > > > > _________________________________________________________________ > > > List posting FAQ: > > > http://www.swinc.com/resource/exch_faq.htm > > > Web Interface: > > > > > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > ext_mode=&lang=english > > To unsubscribe: > > mailto:[EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > > > > > > __________________________________ > Do you Yahoo!? > Yahoo! SiteBuilder - Free, easy-to-use web site > design software > http://sitebuilder.yahoo.com > > _________________________________________________________________ > List posting FAQ: > http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english > To unsubscribe: > mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: > http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english > To unsubscribe: > mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
