Accessing MS Exchange Server on DMZ zone of Cisco Pix 515E as local server

Tags:
Firewalls
Forensics
Incident response
Intrusion management
Network security
VPN
Wireless
Hi, we currently have an MS Small Business Server 2000 (of which Exchange Server is a part) configured on the LAN behind a firewall and use the POP3 Connector of MS Exchange to retrieve external mail. Our users connect to the MS Exchange Server within the LAN without needing to connect to the Internet. The question that I have is: if we put the server in the DMZ zone of our Cisco Pix 515E firewall and assign a public IP to it to retrieve external mail using the SMTP Connector, will it be possible for our users on the LAN to connect to the MS Exchange Server without connecting to the Internet, just as before? Thanks in advance.
ASKED: July 15, 2005  3:48 AM
UPDATED: September 6, 2005  8:03 AM

Answer Wiki


Yes, it’ll just take a modification of your Pix rules.

I don’t know the ports used off-hand, but what I’d recommend is that you sniff a typical user connecting to the Exchange server and observe the various ports, and port ranges (watching the random high numbered ports for range limits).

By the way, if you’re going to put your own SMTP connector out there, I’d also recommend that you put an SMTP firewall on the machine (Anti-Virus and such), and/or subscribe to a service like Postini – which does an excellent job of filtering out spam.

Have fun,

Bob
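
One way to turn the capture suggested above into a port list for the Pix rules, as an added example that is not part of the original answer: it reads `tcpdump -nn` text output and lists the TCP ports on which clients opened connections to the server, with the observed high-port range. The addresses, ports and the `summarize_server_ports` helper are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -nn` text output; all addresses and ports
# are made up for illustration and are not taken from the original post.
SAMPLE_CAPTURE = """\
09:00:01.000001 IP 192.168.1.20.1045 > 192.168.1.10.135: Flags [S], seq 100, win 64240, length 0
09:00:01.000150 IP 192.168.1.10.135 > 192.168.1.20.1045: Flags [S.], seq 200, ack 101, win 64240, length 0
09:00:01.100000 IP 192.168.1.20.1046 > 192.168.1.10.1091: Flags [S], seq 300, win 64240, length 0
09:00:01.200000 IP 192.168.1.20.1047 > 192.168.1.10.1150: Flags [S], seq 400, win 64240, length 0
09:00:02.000000 IP 192.168.1.21.2001 > 192.168.1.10.135: Flags [S], seq 500, win 64240, length 0
09:00:02.100000 IP 192.168.1.21.2002 > 192.168.1.10.1102: Flags [S], seq 600, win 64240, length 0
09:00:03.000000 IP 192.168.1.20.1048 > 192.168.1.30.445: Flags [S], seq 700, win 64240, length 0
09:00:03.500000 IP 192.168.1.20.1045 > 192.168.1.10.135: Flags [P.], seq 101:173, ack 201, win 64240, length 72
"""

# Match only the opening SYN of a TCP connection ("[S]", not the "[S.]" reply),
# so each client-initiated connection is counted once.
SYN_RE = re.compile(
    r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): Flags \[S\],")

def summarize_server_ports(capture_text, server_ip, high_port_floor=1024):
    """Summarize which TCP ports on server_ip clients connected to."""
    counts = Counter()
    clients = set()
    for line in capture_text.splitlines():
        m = SYN_RE.search(line)
        if not m or m.group(3) != server_ip:
            continue  # not a new connection to the server of interest
        clients.add(m.group(1))
        counts[int(m.group(4))] += 1
    fixed = sorted(p for p in counts if p < high_port_floor)
    high = sorted(p for p in counts if p >= high_port_floor)
    return {
        "clients": sorted(clients),
        "fixed_ports": fixed,
        # Lowest and highest dynamic port seen; None if there were none.
        "high_port_range": (high[0], high[-1]) if high else None,
        "connections_per_port": dict(counts),
    }

if __name__ == "__main__":
    for key, value in summarize_server_ports(SAMPLE_CAPTURE, "192.168.1.10").items():
        print(f"{key}: {value}")
```

The high-port range only reflects what was seen during the capture, so sample several users over a full working session before fixing the range in a firewall rule. The script covers TCP only.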

Discuss This Question: 1  Reply

 
  • NetTech21
    I would strongly suggest not moving your small business server into the DMZ. If you are using all of the software that comes with SBS, you are running a larger risk sticking it into the DMZ. You can modify the Pix configuration so that your internal server is able to pull mail from an outside source.