Hi Carl,

I don't call opening a handful of ports "blowing holes". I think security professionals know better. What Microsoft had in mind was to keep things ridiculously easy for the ill informed, that's all.

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**

> -----Original Message-----
> From: Carl Houseman [mailto:c.houseman@xxxxxxxxx]
> Sent: Sunday, January 22, 2006 10:55 AM
> To: [ExchangeList]
> Subject: [exchangelist] RE: OWA 2003
>
> http://www.MSExchange.org/
>
> As always, there are two camps on this. One camp wants to blow holes in the firewall to permit the FE to talk to the BE. The other wants to avoid that.
>
> See "Figure 1 Secure Firewall Structure" here:
> <http://www.microsoft.com/technet/security/prodtech/exchangeserver/secmod44.mspx>
>
> So, Microsoft favors the FE and BE servers on the same security zone, when their ISA server is used as reverse proxy.
>
> Have fun arguing with Microsoft. When you convince them and they change their document, let us know. Otherwise, we already know your opinion, so thanks for sharing.
>
> Carl
>
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Sunday, January 22, 2006 11:31 AM
> To: [ExchangeList]
> Subject: [exchangelist] RE: OWA 2003
>
> About why putting a front-end, Internet facing, Exchange Server on the same security zone as the back end Exchange servers. I'd like to understand the misconceptions that underlie that assertion, so that we can shoot them down and show how foolish they are.
>
> Thanks!
> Tom
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
>
> > -----Original Message-----
> > From: Andy David [mailto:adavid@xxxxxxxxxxxxx]
> > Sent: Sunday, January 22, 2006 10:30 AM
> > To: [ExchangeList]
> > Subject: [exchangelist] RE: OWA 2003
> >
> > About what?
> >
> > -----Original Message-----
> > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > Sent: Sunday, January 22, 2006 11:25 AM
> > To: [ExchangeList]
> > Subject: [exchangelist] RE: OWA 2003
> >
> > Hi Andy,
> >
> > You are patently WRONG about that. Where did you get such incorrect advice? Because whoever told you that is most definitely not security minded.
> >
> > You might want to share the rationale you used for this assertion so that we can shoot it down sequentially and rationally.
> >
> > Tom
> >
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://spaces.msn.com/members/drisa/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> >
> > > -----Original Message-----
> > > From: Andy David [mailto:adavid@xxxxxxxxxxxxx]
> > > Sent: Saturday, January 21, 2006 9:57 PM
> > > To: [ExchangeList]
> > > Subject: [exchangelist] RE: OWA 2003
> > >
> > > http://www.microsoft.com/downloads/details.aspx?FamilyID=E64666FC-42B7-48A1-AB85-3C8327D77B70&displaylang=en
> > >
> > > Don't put it in the DMZ however. That's just foolish. Put a reverse-proxy in the DMZ if you must. Otherwise, keep the Front End server behind your firewall.
> > >
> > > -----Original Message-----
> > > From: Dave Flaim [mailto:thethin@xxxxxxxxxxxxxxxxxxxxxxx]
> > > Sent: Saturday, January 21, 2006 10:41 PM
> > > To: [ExchangeList]
> > > Subject: [exchangelist] OWA 2003
> > >
> > > Is it possible to install OWA on a separate server than the Exchange 2003 server - i.e. we would like to place the OWA server in the DMZ. If so does anyone have a procedure or reference?
> > >
> > > Thanks
> > > Dave Flaim
> > > CVI