RE: E2k -in the DMZ segment !

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Sun, 28 Sep 2003 12:33:59 -0500

Hi Brian,
I believe that MS is changing these recommendations, because you should
never extend the internal network security partition into the DMZ.
There's no point to having a DMZ if you allow intradomain communications
through the firewall.
Thomas W Shinder 
ISA Server and Beyond: 
Configuring ISA Server: 

From: Brian Parker [mailto:bparker@xxxxxxxxxxxxx] 
Sent: Sunday, September 28, 2003 11:23 AM
To: [ExchangeList]
Subject: [exchangelist] RE: E2k -in the DMZ segment !
Hi Andrey
You need to allow traffic for Port 139 RPC and (I think) LDAP 389
between DMZ and GC  - see Micrsosoft article on Front End/Back End
Brian Parker 
Senior Computing Officer 

Other related posts: