Re: [ActiveDir] OT: Exchange Design Question

2006-12-06 Thread Al Mulnick
I'm not sure what Brian said or thought, but there was not enough information in your question, Mark. What I mean by that is that if the security strategy is to use the Juniper device, then I'm not sure I understand what the point of introducing ISA is in this situation? Just for SMTP? Why? What

RE: [ActiveDir] OT: Exchange Design Question

2006-12-05 Thread Brian Desmond
Message-
> From: [EMAIL PROTECTED] [mailto:ActiveDir-
> [EMAIL PROTECTED] On Behalf Of Mark Parris
> Sent: Tuesday, December 05, 2006 6:37 PM
> To: ActiveDir.org
> Subject: Re: [ActiveDir] OT: Exchange Design Question
>
> Thanks for the responses so far - I have also bee

Re: [ActiveDir] OT: Exchange Design Question

2006-12-05 Thread Mark Parris
Thanks for the responses so far - I have also been kicked for not mentioning that there is a Juniper server in the equation to which OWA is published. So OWA goes through the Juniper appliance in another DMZ and does not touch the ISA DMZ. Still the same responses? Regards, Mark Parris Bas

Re: [ActiveDir] OT: Exchange Design Question

2006-12-05 Thread Al Mulnick
I would go with option 3 - send and receive directly from your trusted external partner, MessageLabs. The only benefit to having a DMZ-based relay is that you don't have to open TCP 25 to/from your trusted network to the outside vendor. Not sure there is enough of a risk there to warrant a DMZ a

RE: [ActiveDir] OT: Exchange Design Question

2006-12-05 Thread Kennedy, Jim
If you use OWA for remote mail access, number 1 is the best choice. You then publish your OWA through the ISA server. If your incoming SMTP is only from MessageLabs and you do not need/use OWA then I would consider skipping to choice three, with nothing out front and only allow port 25 from mes

RE: [ActiveDir] OT: Exchange Design Question

2006-12-05 Thread Brian Desmond
Mark, In scenario 2 will your SMTP server in the DMZ subnet be part of the Exchange organization? If so, the whole DMZ thing isn't really going to get you much, if anything. Personally I think DMZs are outdated and not a good model anymore. I would go with option 1. Thanks, Brian Desmond [EMAIL