Re: E2K and SonicWALL

  • From: "Christian Kurmann" <ckurmann@xxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Fri, 22 Feb 2002 17:46:08 +0100

Hi Alex

DMZ is a good place for it if you want real heavy security. However
Exchange2000 is a b*tch wenn it comes to configuring the open ports on
the firewall. Your internal users will want to use exchange in a
Microsoft Exchange server Setup, and thus be able to use all the neat
exchange features like the synchronised calender, and tasks, and beeing
able to look the the calender of other users for planning meetings...
Well if they want that, you need to open all TCP ports from 3000 to 4000
(if your lucky otherwise even more.) This is because as soon as you move
away from exchange in a Internet email setup utelising only POP3 and
SMTP, Exchange and outlook communicate over a automaticly chosen port in
the discribed range...

Also the Sonicwall will crash if you chose too big a range of ports to
open so be careful.

So, DMZ is nice but doesn't really work. Either you use only POP3 and
SMTP, You put the exchange into your side of the firewall, or you put a
secound server into the DMZ and have your internal clients make VPN
connections to the other server and connect to Exchange from there
(Meaning above all other overhead that you will have to open the VPN

Now I might and accually hope I'm very wrong with this, but I'm afraid I
haven't found the little button in exchange to make it send all
information over SMTP and POP3...

Greatings from Switzerland.

-----Original Message-----
From: Eric Lanyon [mailto:elanyon@xxxxxxx] 
Sent: Donnerstag, 21. Februar 2002 22:04
To: [ExchangeList]
Subject: [exchangelist] Re: E2K and SonicWALL

I would say behind in the Firewall and do One to One NAT, which maps a
Public IP to the Private IP.  Then open SMTP and POP3 traffic generated
from the Internet to that Private IP.  

>>> alex@xxxxxxxx 02/21/02 12:51PM >>> 

Hello all,
Where do I place Exchange 2000 server in reference to 3-interface
firewall (SonicWALL with DMZ)? Should it be on the private network or in
DMZ? Thank you for the help
Alex Randjelovic
IT Manager
MagiTech, Inc.

You are currently subscribed to this Discussion List as:
To unsubscribe send a blank email to

You are currently subscribed to this Discussion List as:
ckurmann@xxxxxxxx To unsubscribe send a blank email to

Other related posts: