CAS in the DMZ
- Hi,
I'm planning to transision E2K to E2k7. My present E2k setup has 2 FE servers for OWA in the DMZ. As the CAS in not supported in the DMZ in 2007. what approaches can i have for the OWA access?
swamy
Answers
Basically only one: The best way to deploy Exchange CAS with respect to a perimeter network is to put a reverse proxy you trust in the perimeter, configure the firewall between the perimeter and the intranet to be as restrictive as possible and to host the CAS server on the intranet. This will get traffic inspection and other reverse proxy security filtering in place in the perimeter.
Don't put CAS in the Perimeter network!
http://msexchangeteam.com/archive/2009/10/21/452929.aspx
Our organization has standardized on Juniper and Firewall 1. We tried to use Juniper for secure publishing, but ended up with ISA Server 2006 in the DMZ. Here are the links we used:Publishing Exchange Server 2007 with ISA Server 2006
http://technet.microsoft.com/en-us/library/bb794751.aspxPublishing Exchange 2007 OWA, Exchange ActiveSync and RPC/HTTP using the 2006 ISA Firewall (Part 1 of 7)
Note: Thomas Shinder is one of the great authorities on ISA. These article was written before the release of ISA 2006 SP1. ISA now supports SAN certificates. Shinder does obviously not like PowerShell.
http://www.isaserver.org/tutorials/Publishing-Exchange-2007-OWA-Exchange-ActiveSync-RPCHTTP-using-2006-ISA-Firewall-Part1.htmlExchange 2007 and ISA Server 2006: Helpful Docs and Blog Posts
http://msexchangeteam.com/archive/2008/12/08/450180.aspxPublishing Exchange 2007 Services with ISA Server 2006 – Creating the Publishing Rule for Outlook Anywhere with Transparent Windows Authentication
http://blog.msfirewall.org.uk/2008/07/publishing-exchange-2007-services-with.htmlElan Shudnow’s Blog (Just another IT guy -- what understatement!)
Publishing Exchange 2007 Autodiscover in ISA 2006
http://www.shudnow.net/2007/07/15/publishing-exchange-2007-autodisover-in-isa-2006/
MCTS: Messaging | MCSE: S+M | Small Business Specialist- Marked As Answer byJames-LuoMSFT, ModeratorFriday, November 06, 2009 3:16 AM
- Proposed As Answer byWill Shepherd Friday, October 30, 2009 7:31 PM
All Replies
Basically only one: The best way to deploy Exchange CAS with respect to a perimeter network is to put a reverse proxy you trust in the perimeter, configure the firewall between the perimeter and the intranet to be as restrictive as possible and to host the CAS server on the intranet. This will get traffic inspection and other reverse proxy security filtering in place in the perimeter.
Don't put CAS in the Perimeter network!
http://msexchangeteam.com/archive/2009/10/21/452929.aspx
Our organization has standardized on Juniper and Firewall 1. We tried to use Juniper for secure publishing, but ended up with ISA Server 2006 in the DMZ. Here are the links we used:Publishing Exchange Server 2007 with ISA Server 2006
http://technet.microsoft.com/en-us/library/bb794751.aspxPublishing Exchange 2007 OWA, Exchange ActiveSync and RPC/HTTP using the 2006 ISA Firewall (Part 1 of 7)
Note: Thomas Shinder is one of the great authorities on ISA. These article was written before the release of ISA 2006 SP1. ISA now supports SAN certificates. Shinder does obviously not like PowerShell.
http://www.isaserver.org/tutorials/Publishing-Exchange-2007-OWA-Exchange-ActiveSync-RPCHTTP-using-2006-ISA-Firewall-Part1.htmlExchange 2007 and ISA Server 2006: Helpful Docs and Blog Posts
http://msexchangeteam.com/archive/2008/12/08/450180.aspxPublishing Exchange 2007 Services with ISA Server 2006 – Creating the Publishing Rule for Outlook Anywhere with Transparent Windows Authentication
http://blog.msfirewall.org.uk/2008/07/publishing-exchange-2007-services-with.htmlElan Shudnow’s Blog (Just another IT guy -- what understatement!)
Publishing Exchange 2007 Autodiscover in ISA 2006
http://www.shudnow.net/2007/07/15/publishing-exchange-2007-autodisover-in-isa-2006/
MCTS: Messaging | MCSE: S+M | Small Business Specialist- Marked As Answer byJames-LuoMSFT, ModeratorFriday, November 06, 2009 3:16 AM
- Proposed As Answer byWill Shepherd Friday, October 30, 2009 7:31 PM
