Our director wants us to implement a firewall in front of our Windows
2000/Exchange 5.5 servers.  Here is what the scenario is:

Internet <--> Users <--> Firewall <--> Exchange

On the Exchange side we have the DCs, Exchange, IMC, OWA, etc. servers.  On
the public side we have the Windows 98/2000 clients, WINS server (which is a
whole different issue) and Internet.  There is a firewall before the
Internet connection but it is basically useless since nothing is configured.
On the private side we are to use NAT; since all the servers except the
backup server will need to be accessed from the outside, I really don't see
what this is buying us.  Basically we are putting a firewall in front of
Exchange.  We are currently testing the configuration but I think this may
end up being a nightmare once we begin to change the Windows 2000 servers
(i.e. Active Directory) IP addresses and DNS settings to the private
addresses.

I began by making registry hacks to force the RPCs through specific ports
but our backbone admin figured out how to configure the PIX firewall without
me having to make the changes.  Now I'm reinstalling the test server to see
that it's actually working.

Can anyone give me any ammo as to why this is not the way to do things?  I
have tried to explain but I'm getting nowhere.  I don't know, maybe I'm
wrong.  However, it seems it would be safer to implement the firewall at the
Internet connection; we seem to be trying to protect ourselves from our
users.  There would be a lot of politics involved with the Internet firewall
but it does seem like the way to go.

Thx,
Ken

-----
Ken Leyba
Windows/Exchange System Administrator
California State University Dominguez Hills
