Exchange Server 2007 edge transport server and isa server 2006 in a perimeter network
- Hello,
I have an ISA 2006 server with SP1 installed and currently running on a DMZ. It is forwarding traffic to and from the internet on certain ports for a specific application. It has 2 NICs. 1 NIC has 2 IPs with the same default gateway and the other has 1 IP address with the same default gateway.
I would like to install "the Exchange Transport Edge" server role and put it behind the ISA server. So the setup would be:
Cisco Firewall...>ISA Server (DMZ).....>Edge (DMZ)....>Internal Network
Is this a supported Microsoft configuration? Will I have to install additional physical interface cards on the ISA to accommodate additional services or can I just create more virtual IPs?
Many thanks,
Tacobell2000
All Replies
- Hi,
This is a scenario I implemented for a few of my customers. You can use the ISA Server Publishing wizard to publish SMTP to the Edge Server, or if it has a Route relationship you can use Firewall rules to allow SMTP traffic from ISA to Edge.
If you have the time to wait for Q4 2009, you can also use Forefront TMG, which comes with a built-in Edge Server (you have to buy Edge separately and you have to install Edge before you install TMG). With this solution it is possible to use the integrated Antispam and Antivirus features of TMG and Edge on the same machine.
Regards, Marc
www.nt-faq.de
www.it-training-grote.de
Marked As Answer by Nick Gu - MSFT, Moderator, Monday, July 06, 2009 6:34 AM
- So the edge is in the internal network and not the DMZ... is this correct?
Also, do I put in additional NIC cards on the server or can I use what I have?
Tacobell2000
- Hi,
No, Edge in the DMZ and the solution is possible without an additional NIC in ISA. The Edge gets an IP address from the same network as the ISA interface has.
Regards, Marc
www.nt-faq.de
www.it-training-grote.de
Marked As Answer by Nick Gu - MSFT, Moderator, Monday, July 06, 2009 6:34 AM
When you say "the same default gateway", do you mean that you have the same DG in both NICs?
Or are you saying that the DG is one of the IP addresses used by that NIC?
Jim Harrison Forefront Edge CS