Absolutely. Thanks, Thomas. _____ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Wednesday, November 17, 2004 1:26 PM To: [ExchangeList] Subject: [exchangelist] Re: Using MS Outlook in firewalled systems / OWA limited functionality? http://www.MSExchange.org/ Hi Sarbjit, Another significant advantage to using the ISA firewall is the ability to perform stateful application layer inspection of the SSL tunneled data. The ISA firewall blocks hacks that would otherwise be able to hide in the tunnel that a packet filter based firewall just passes on through. Tom <http://www.isaserver.org/shinder> www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 <http://tinyurl.com/3xqb7> http://tinyurl.com/3xqb7 MVP -- ISA Firewalls _____ From: Sarbjit Singh Gill [mailto:ssgill@xxxxxxxxxxxxxxxxxxxx] Sent: Tuesday, November 16, 2004 10:36 PM To: [ExchangeList] Subject: [exchangelist] Re: Using MS Outlook in firewalled systems / OWA limited functionality? http://www.MSExchange.org/ You don't need to use ISA 2004 for HTTP/RPC. You could do regular web publishing from the firewall. You just need the firewall to publish the /rpc virtual directory on your exchange server as secure web (https). ISA is good becuase is gets you to offload SSL and off-load the RPC-HTTP proxy tasks, and do a primary authentication on behalf of the webserver (so un-authenticated traffic never touches the Exchange Server). But if you want the SSL and HTTP-Proxy handled by the Exchange Server, then your TZ is good enough. This is what you need at the minimum (high level overview): (OUTLOOK client) Internet---------> any firewall ------------ Exchange 2003/Windows 2003--------------------domain controlller FiREWALL. : enabled secure web publishing for the rpc virtual directory on the exchange 2003 server. Domain Controller : Runs the CA for certificates for IIS on exchange. Domain controller is also GC, DC, DNS (internal), and the usual stuff Windows 2003: RPC/HTTP installed Exchange 2003: SP1 installed. RPC/HTTP enabled. Certifictate installed on IIS. OUTLOOK client: Configure RPC/HTTP. <http://www.microsoft.com/office/ork/2003/three/ch8/OutC07.htm> Configuring Outlook 2003 for RPC over HTTP http://www.microsoft.com/office/ork/2003/ <http://www.microsoft.com/office/ork/2003/three/ch8/OutC07.htm> three/ch8/OutC07.htm ISASERVER.ORG is a great resource. RPC over HTTP Deployment Scenarios <http://www.microsoft.com/technet/prodtechnol/exchange/guides/E2k3RPCHTTPDep /a5a4c4ca-f5f5-4c3b-81f9-4d4ff07ce901.mspx> http://www.microsoft.com/technet/prodtechnol/exchange/guides/E2k3RPCHTTPDep/ a5a4c4ca-f5f5-4c3b-81f9-4d4ff07ce901.mspx Kiind Regards Gill