
RE: Exchange in the DMZ

From: John Munyan <johnm(at)attrition.ws>
Date: Tue Nov 26 2002 - 14:48:13 EST


I agree with Jack. If possible, put the FE in the LAN. I would argue the ease of administration more than makes up for any security concerns. If you put the E2K FE in the DMZ, a hole will need to be cut for it to communicate with DCs and GC in the LAN. If someone jacks the FE box then they will have immediate access to your AD.

If you put the FE in the LAN, the communications issues with the DCs are not an issue. And the only public access to the FE box in this scenario would/could be port 443 if desired.

It is just a simpler solution to put the FE in the LAN rather than in the DMZ. I don't think there is much benefit to putting the FE in the DMZ.

Regards,

John

-----Original Message-----

From: Jack Lyons [mailto:jack.lyons@martinagency.com]
Sent: Tuesday, November 26, 2002 5:57 AM
To: 'Dean Pullen'; focus-ms@lists.securityfocus.com
Subject: RE: Exchange in the DMZ

My first question is why do you have to have it in the DMZ, but it seems you
were being told to put it in the DMZ.

Can you show us the URLs you referenced in setting this up? I assume you are running Exchange 2000 on Windows 2000 in an AD Domain?

What exactly is your front-end? Is it the Outlook clients or is it Outlook
Web Access?


Not sure what you mean by this:
' I mean all I am trying at the moment is to connect to our internal Domain
by accessing the network ID in the My Computer properties and trying typing
in the Domain.'

Are you using a computer in the DMZ running Windows 2000 Professional and
trying to log in to your Active Directory Domain?

Jack

-----Original Message-----

From: Dean Pullen [mailto:deanpullen@yahoo.com]
Sent: Saturday, November 23, 2002 6:01 AM
To: focus-ms@lists.securityfocus.com
Subject: Exchange in the DMZ

Hi guys,

I've basically been told that we require an Exchange system operated within our DMZ setup. After much reading I've decided to go for a front-end, back-end Exchange system, with the Exchange front-end in the DMZ and the back-end in the LAN. However, even though I've opened up all the ports specified in MS' white papers between the DMZ and LAN, I cannot connect to the domain/active directory from the Front-End server. How do I go about this? I mean all I am trying at the moment is to connect to our internal Domain by accessing the network ID in the My Computer properties and trying typing in the Domain. Do I have to do anything else?! Sorry for my amateurishness(!) but we're a small firm and cannot afford a fully-fledged exchange specialist, thus I'm doing it!

Thanks in advance.

Dean Pullen.




This email and its contents may be confidential. If it is and you are not
the intended recipient, please do not disclose or use the information within
this email or its attachments. If you have received this email in error,
please delete it immediately. Thank you.

Received on Wed Nov 27 01:02:56 2002

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:25 EDT

