IT.

-----
Ken Leyba
Windows/Exchange System Administrator
California State University Dominguez Hills


> -----Original Message-----
> From: William Lefkovics [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, March 20, 2002 3:34 PM
> To: MS-Exchange Admin Issues
> Subject: RE: Stupid Firewall Tricks
> 
> 
> The more important firewall is between the internet and your organisation.
> 
> What is this guy a director of?
> 
> 
> -----Original Message-----
> From: Ken Leyba [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, March 20, 2002 3:32 PM
> To: MS-Exchange Admin Issues
> Subject: RE: Stupid Firewall Tricks
> 
> 
> Yes, the clients will use POP/SMTP, IMAP and MAPI.  That was my point
> exactly, we'll have two Swiss Cheese firewalls.  Unless the Cisco PIX can do
> some kind of magic firewall tricks that I don't know about.
> 
> Ken
> 
> -----
> Ken Leyba
> Windows/Exchange System Administrator
> California State University Dominguez Hills
> 
> 
> > -----Original Message-----
> > From: William Lefkovics [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, March 20, 2002 3:22 PM
> > To: MS-Exchange Admin Issues
> > Subject: RE: Stupid Firewall Tricks
> > 
> > 
> > How are you intending these users access the exchange server?  MAPI client
> > like Outlook?
> > 
> > The holes necessary for your users to communicate with Exchange are such
> > that your firewall between the users and Exchange has been rendered useless.
> > 
> > 
> > -----Original Message-----
> > From: Ken Leyba [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, March 20, 2002 3:15 PM
> > To: MS-Exchange Admin Issues
> > Subject: Stupid Firewall Tricks
> > 
> > 
> > Our director wants us to implement a firewall in front of our Windows
> > 2000/Exchange 5.5 servers.  Here is what the scenario is:
> > 
> > Internet <--> Users <--> Firewall <--> Exchange
> > 
> > On the Exchange side we have the DC's, Exchange, IMC, OWA, etc. servers.  On
> > the public side we have the Windows 98/2000 clients, WINS server (which is a
> > whole different issue) and Internet.  There is a firewall before the
> > Internet connection but it is basically useless since nothing is configured.
> > On the private side we are to use NAT.  Since all the servers except the
> > backup server will need to be accessed from the outside, I really don't see
> > what this is buying us.  Basically we are putting a firewall in front of
> > Exchange.  We are currently testing the configuration but I think this may
> > end up being a nightmare once we begin to change the Windows 2000 servers'
> > (i.e. Active Directory) IP addresses and DNS settings to the private
> > addresses.
> > 
> > I began by making registry hacks to force the RPC's through specific ports
> > but our backbone admin figured out how to configure the PIX firewall without
> > me having to make the changes.  Now I'm reinstalling the test server to see
> > that it's actually working.
> > 
> > Can anyone give me any ammo as to why this is not the way to do things?  I
> > have tried to explain but I'm getting nowhere.  I don't know, maybe I'm
> > wrong.  However, it seems it would be safer to implement the firewall at the
> > internet connection; we seem to be trying to protect ourselves from our
> > users.  There would be a lot of politics involved with the Internet firewall
> > but it does seem like the way to go.
> > 
> > Thx,
> > Ken
> > 
> > -----
> > Ken Leyba
> > Windows/Exchange System Administrator
> > California State University Dominguez Hills
> > 
> > List Charter and FAQ at:
> > http://www.sunbelt-software.com/exchange_list_charter.htm
> > 
> 
