Hi Sarbjit, Another significant advantage to using the ISA firewall is the ability to perform stateful application layer inspection of the SSL tunneled data. The ISA firewall blocks hacks that would otherwise be able to hide in the tunnel that a packet filter based firewall just passes on through. Tom www.isaserver.org/shinder <http://www.isaserver.org/shinder> Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls ________________________________ From: Sarbjit Singh Gill [mailto:ssgill@xxxxxxxxxxxxxxxxxxxx] Sent: Tuesday, November 16, 2004 10:36 PM To: [ExchangeList] Subject: [exchangelist] Re: Using MS Outlook in firewalled systems / OWA limited functionality? http://www.MSExchange.org/ You don't need to use ISA 2004 for HTTP/RPC. You could do regular web publishing from the firewall. You just need the firewall to publish the /rpc virtual directory on your exchange server as secure web (https). ISA is good becuase is gets you to offload SSL and off-load the RPC-HTTP proxy tasks, and do a primary authentication on behalf of the webserver (so un-authenticated traffic never touches the Exchange Server). But if you want the SSL and HTTP-Proxy handled by the Exchange Server, then your TZ is good enough. This is what you need at the minimum (high level overview): (OUTLOOK client) Internet---------> any firewall ------------ Exchange 2003/Windows 2003--------------------domain controlller FiREWALL. : enabled secure web publishing for the rpc virtual directory on the exchange 2003 server. Domain Controller : Runs the CA for certificates for IIS on exchange. Domain controller is also GC, DC, DNS (internal), and the usual stuff Windows 2003: RPC/HTTP installed Exchange 2003: SP1 installed. RPC/HTTP enabled. Certifictate installed on IIS. OUTLOOK client: Configure RPC/HTTP. Configuring Outlook 2003 for RPC over HTTP <http://www.microsoft.com/office/ork/2003/three/ch8/OutC07.htm> http://www.microsoft.com/office/ork/2003/three/ch8/OutC07.htm <http://www.microsoft.com/office/ork/2003/three/ch8/OutC07.htm> ISASERVER.ORG is a great resource. RPC over HTTP Deployment Scenarios <http://www.microsoft.com/technet/prodtechnol/exchange/guides/E2k3RPCHTT PDep/a5a4c4ca-f5f5-4c3b-81f9-4d4ff07ce901.mspx> http://www.microsoft.com/technet/prodtechnol/exchange/guides/E2k3RPCHTTP Dep/a5a4c4ca-f5f5-4c3b-81f9-4d4ff07ce901.mspx Kiind Regards Gill ________________________________ From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] Sent: Tuesday, November 16, 2004 9:05 PM To: [ExchangeList] Subject: [exchangelist] Re: Using MS Outlook in firewalled systems / OWA limited functionality? http://www.MSExchange.org/ RPC over HTTP/HTTPS is only supported/available using ISA 2004. John Tolmachoff Engineer/Consultant/Owner eServices For You -----Original Message----- From: Zee Doktor [mailto:zee_doktor@xxxxxxxxx] Sent: Tuesday, November 16, 2004 5:53 PM To: [ExchangeList] Subject: [exchangelist] Re: Using MS Outlook in firewalled systems / OWA limited functionality? http://www.MSExchange.org/ A sonicwall TZ170 "John Tolmachoff (Lists)" <johnlist@xxxxxxxxxxxxxxxxxxx> wrote: http://www.MSExchange.org/ What firewall are you using? John Tolmachoff Engineer/Consultant/Owner eServices For You __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: johnlist@xxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: michael@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: ssgill@xxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: tshinder@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx