If you want to go down the ISA route you might want to check out the MSA appliance from celestix. http://www.celestix.com/products/msa/index.html
Cheers Matt -----Original Message----- From: Jason Tierney [mailto:[EMAIL PROTECTED] Sent: 25 November 2008 21:25 To: MS-Exchange Admin Issues Subject: RE: What happened to my Front End Server What's sad is they just finished dumping their Goodlinks in favor of Activesync. Jason Tierney, MCITP:EA Vice President, Consulting Services tel: 240.425.4441 fax: 301.349.2518 -----Original Message----- From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 25, 2008 1:14 PM To: MS-Exchange Admin Issues Subject: RE: What happened to my Front End Server That sounds like a fair statement - ISA (if you had it) would be as close as you could get. Gotta love that BES :-) -----Original Message----- From: Jason Tierney [mailto:[EMAIL PROTECTED] Sent: Monday, November 24, 2008 9:05 AM To: MS-Exchange Admin Issues Subject: RE: What happened to my Front End Server The 2003 is out in the FE, and the on-site admin is going to start speaking in 4 letter words when I tell her that she has to open ports into her private LAN. Edge is for port 25 and we're not really worried about that as the Firewall only allows incoming from Postini. It's really Activesync and OWA that we're trying to secure. Apparently we can't. Thanks. Jason Tierney, MCITP:EA Vice President, Consulting Services tel: 240.425.4441 fax: 301.349.2518 -----Original Message----- From: Kennedy, Jim [mailto:[EMAIL PROTECTED] Sent: Monday, November 24, 2008 11:26 AM To: MS-Exchange Admin Issues Subject: RE: What happened to my Front End Server It sounds like the 2003 FE is out in the DMZ? I would vote against trying to replicate that scenario since it is already less than desirable. Edge server in the dmz, it handles your incoming and outgoing. Think of it as a simple relay. ISA server or similar in the dmz to publish OWA. Or open 443 can't/won't do ISA. I would rather have 443 open to the inside limited to one server than a CAS/OWA server sitting in the dmz. CAS server inside, which is your OWA server also. Mailbox server on the inside for regular Outlook. Hub server on the inside. You can combine roles on the inside if you have the horsepower on the server and the disaster recovery plan. MS just split the roles apart so you can build it like you want. Certainly separate is better, imho. > -----Original Message----- > From: Jason Tierney [mailto:[EMAIL PROTECTED] > Sent: Monday, November 24, 2008 11:06 AM > To: MS-Exchange Admin Issues > Subject: What happened to my Front End Server > > One of my larger customers is planning to move from Exchange 2003 to > Exchange 2007. They're a FE/BE configuration and really just want to > stay that way, but I've been reading all about why it is bad to put a > CAS in a DMZ. > > So, without ISA or some other SSL VPN, are there any other options for > providing incoming mail, OWA and ActiveSync access to Exchange without > forwarding port 80, 442 and 25 into the private LAN? > > Thanks, Jason > > Jason Tierney, MCITP:EA > Vice President, Consulting Services > tel: 240.425.4441 > fax: 301.349.2518 > > > > > ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ > ~ http://www.sunbeltsoftware.com/Ninja ~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~ _____________________________________________________________ This e-mail (including all attachments) is confidential and may be privileged. It is for the exclusive use of the addressee only. If you are not the addressee, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please erase all copies of the message and its attachments and notify us immediately at [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>. Thank You. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~
