Decision taken: Member Server... Thanks everyone.

Now the next issue. Since this server will be in the DMZ, I need to know which ports I have to open. I have separate rules for:

1. intra-server communication
2. communication between Exch and the clients
3. communication between Exch and VPN clients (which I guess would be the same as 2).

Does anyone have a site/document with a list of ports required and for what they're required?

Thanks
Andrea

-----Original Message-----
From: Andrea Coppini [mailto:AndreaCoppini@xxxxxxxx]
Sent: 22 August 2002 6:38 PM
To: [ExchangeList]
Subject: [exchangelist] RE: New Exchange 2000 Server - Recommendations

http://www.MSExchange.org/

We're only 'publishing' SMTP, HTTP and IDENT ports to the public internet. The DMZ is protected by the firewall.

AD is only available to VPN and internal users.

3 is on a siesta.

-----Original Message-----
From: Robert Abela [mailto:robert@xxxxxxx]
Sent: 22 August 2002 6:15 PM
To: [ExchangeList]
Subject: [exchangelist] RE: New Exchange 2000 Server - Recommendations

1) OWA: it is better to publish port 80 only to that server than to publish all those active directory connections.
2) VPN users connect directly to the exchange server machine?
3) you missed it :)

-----Original Message-----
From: Andrea Coppini [mailto:AndreaCoppini@xxxxxxxx]
Sent: Thursday, August 22, 2002 5:47 PM
To: [ExchangeList]
Subject: [exchangelist] RE: New Exchange 2000 Server - Recommendations

It's not the only DC. There will be another 2 DCs internally...

OK, I answered myself :-)

Exch in DMZ for the following reasons:

1> OWA (heavily used in our company)
2> VPN users (also heavily used)
4> we use Checkpoint FW and we'd rather not use e-mail forwarding/NAT'ing for Exch (K.I.S.S.)

-----Original Message-----
From: Robert Abela [mailto:robert@xxxxxxx]
Sent: 22 August 2002 5:35 PM
To: [ExchangeList]
Subject: [exchangelist] RE: New Exchange 2000 Server - Recommendations

Hi Andrea,

Well, it depends if it would be the only DC in the domain. Just for curiosity, what is the use of exposing exchange in the DMZ?

-----Original Message-----
From: Andrea Coppini [mailto:AndreaCoppini@xxxxxxxx]
Sent: Thursday, August 22, 2002 5:20 PM
To: [ExchangeList]
Subject: [exchangelist] RE: New Exchange 2000 Server - Recommendations

Inline...

-----Original Message-----
From: Robert Abela [mailto:robert@xxxxxxx]
Sent: 22 August 2002 4:00 PM
To: [ExchangeList]
Subject: [exchangelist] RE: New Exchange 2000 Server - Recommendations

Hi Andrea,

-It is better if you install exchange on a DC cause you would reduce network traffic between the servers and exchange doesn't constantly have to check for credentials on other DCs.

I agree in that respect, however, since my Exch server will be in the DMZ, wouldn't it also be increasing network traffic if it is a DC since internal users will be authenticating against it?

-We've got an exchange with windows service pack 2 and exchange service pack 2. In testing environment we've got exchange installed on windows sp3 and exchange sp3 and till now they never gave us trouble, in fact we are planning to install the new service packs soon on the live servers. It shouldn't be a problem.

Ok, will go for SP3. After all, SPs are just a collection of all previous hotfixes, which should be applied anyway.

Thanks.
Andy

Regards,
Robert Abela - GFI Software Ltd.
Security & Messaging software for Windows 2000
GFI: MailSecurity - FAXmaker - DownloadSecurity for ISA Server - GFI Mail essentials - LANguard Security Event Log Monitor
http://www.gfi.com

-----Original Message-----
From: Andrea Coppini [mailto:AndreaCoppini@xxxxxxxx]
Sent: Thursday, August 22, 2002 3:44 PM
To: [ExchangeList]
Subject: [exchangelist] New Exchange 2000 Server - Recommendations

Hi gurus,

I'm installing a brand new Exchange 2000 server to migrate our present Exch 5.5 mailboxes onto. This will be part of a new Win2K domain (which is already up and running).

Q1: Shall I set up the server as a DC so it won't have to constantly verify credentials against the existing DC server? I know there is no need for Exchange 2k to run on a DC, but what is your opinion? Exch 2k on Win2K DC or Exch 2k on Win2k Member Server?

Q2: Service Packs: Right now all my Win2k servers are happily running SP2, shall I install Win2k SP3 on this new server straight away or stick with SP2? Also, which Exch 2k SP would you recommend installing?

Thanks
Regards
Andy

Andrea Coppini
+356 79 ANDREA (263732)
andreacoppini@xxxxxxxx

------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as: robert@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')