Don't they have more of an issue with it being Exchange 2003 than it being in your DMZ?

________________________________
From: itli...@imcu.com [itli...@imcu.com]
Sent: 25 January 2012 6:48 PM
To: NT System Admin Issues
Subject: RE: Moving Exchange 2003 into a DMZ

NCUA auditors want to know why we don't have it in our DMZ currently. At one point I knew an answer but today I don't have a clue. I know the users access OWA or ActiveSync through the outside interface of the Firewall. The Firewall NATs/PATs the address to my local LAN. The outside interface has a Cert from GoDaddy. Is that really enough? Only access to port 25 or 443 is allowed through the firewall.

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Posted At: Wednesday, January 25, 2012 10:19 AM
Posted To: itli...@imcu.com
Conversation: Moving Exchange 2003 into a DMZ
Subject: Re: Moving Exchange 2003 into a DMZ

Why would you do that?

How many ports do you intend to connect from the internet to the Exchange box? And how many are you going to have to open up between the DMZ and the LAN in order to get it to function?

What problem do you hope to solve by moving it?

ASB
http://XeeMe.com/AndrewBaker
Harnessing the Advantages of Technology for the SMB market…

On Wed, Jan 25, 2012 at 9:13 AM, itli...@imcu.com <itli...@imcu.com> wrote:

I have Exchange 2003 sitting here on my local LAN. I want to move it to my Firewall LAN and set it in the DMZ LAN there.

From the outside interface of the Firewall I just need to NAT/PAT it to the new DMZ IP address. No change to the SSL Cert because that is to the outside interface (Correct?)

From the clients that are internal, when I change the DNS record they should point to the internal DMZ address of the server with no client changes? (Correct?)

Smartphones and tablets that have email coming to them use the outside interface of the firewall so they should be fine? (Correct?)

If I have management consoles that send SMTP email internally (VirusScan type things) or those interfaces that use IP instead of FQDN, they will have to be manually corrected when the move happens to point to the internal DMZ address of the server? (Correct?)

Thanks ahead of time.

Also, what would it take to just build an Exchange 2010 server and just start migrating users to it instead of moving my 2003 box anyways?

As always I am humbly asking to not be beaten for my stupidity but given your wisdom on the subject instead.

Thanks
David

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

--
MIRA Ltd
Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration GB 100 1464 84