Matthew, What Servers have you got running on your DMZ - web servers, ftp servers etc?, If any of those servers were to be compromised, the attacker would have a much better chance of getting onto your Exchange Box, which of course has a high level of access to your internal/private network. The reason, I believe, people put their web/ftp/whatever servers in a DMZ is that those servers are not to be entrusted with access to the private network. Exchange is different of course, the whole idea is that the system is giving access to the private network.
I would suggest, if you're using OWA, to put the exchange on the private network, and allow only https (port 443, IIRC). If your users insist on using Outlook, you can connect them via VPN. Regards Ruan Kotze MCSE, Master ASE For: Comparex Namibia -----Original Message----- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Monday, April 15, 2002 10:01 AM To: MS-Exchange Admin Issues Subject: Exchange DMZ What are the pros and cons to putting your Exchange on a DMZ. Note: The web server is already on the same DMZ. We use OWA and a VPN. EX5.5 SP4 NT4 SP6 Matthew Carpenter, MCP, CNA, A+ Network Engineer and Exchange Administrator SARMA 1801 Broadway San Antonio, TX 78215 List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm ---- Disclaimer Notice : Note this is a disclaimer ---- List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
