Yes, reverse proxy, which is the FE Exchange Server, does belong on the firewall's DMZ. In my deployments, the ISA firewall's DMZ. So I guess we agree. I thought you were recommending that the FE and the BE both belong in the same security zone. My bad! Thanks! Tom Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?** > -----Original Message----- > From: Andy David [mailto:adavid@xxxxxxxxxxxxx] > Sent: Sunday, January 22, 2006 11:02 AM > To: [ExchangeList] > Subject: [exchangelist] RE: OWA 2003 > > http://www.MSExchange.org/ > > I think a reverse-proxy in the DMZ with the FE behind the firewall is > preferred. You may think otherwise. I respect that, and your > experience > in these matters, however, I do not agree that your solution is > necessarily the best anymore than you think mine is. I know security > people who themselves had taken both sides of the argument as well. > > That's ok, The OP can decide, for himself. I am not going to lose any > sleep if everyone on this list disagrees with me or not. > > Now see, I did expend energy :) > > > > > -----Original Message----- > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > Sent: Sunday, January 22, 2006 11:45 AM > To: [ExchangeList] > Subject: [exchangelist] RE: OWA 2003 > > http://www.MSExchange.org/ > > One of my jobs is to make sure that misinformation and incorrect > information is not promulgated on these boards. What you wrote was > consistent with incorrect information, but I wanted to make sure I > didn't misunderstand what you said. > > Tom > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://spaces.msn.com/members/drisa/ > Book: http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > > > > > -----Original Message----- > > From: Andy David [mailto:adavid@xxxxxxxxxxxxx] > > Sent: Sunday, January 22, 2006 10:45 AM > > To: [ExchangeList] > > Subject: [exchangelist] RE: OWA 2003 > > > > http://www.MSExchange.org/ > > > > Yes, we all know that you think you know a lot. > > Good luck with that! > > > > > > -----Original Message----- > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > > Sent: Sunday, January 22, 2006 11:42 AM > > To: [ExchangeList] > > Subject: [exchangelist] RE: OWA 2003 > > > > http://www.MSExchange.org/ > > > > Hi Andy, > > Sounds like you don't have a rationale, just a *belief*. > > Wishes, dreams, > > and beliefs really don't belong in a secure network design. > > > > And that's not how I *feel*, that's what I *know*. > > > > HTH, > > Tom > > > > Thomas W Shinder, M.D. > > Site: www.isaserver.org > > Blog: http://spaces.msn.com/members/drisa/ > > Book: http://tinyurl.com/3xqb7 > > MVP -- ISA Firewalls > > > > > > > > > -----Original Message----- > > > From: Andy David [mailto:adavid@xxxxxxxxxxxxx] > > > Sent: Sunday, January 22, 2006 10:36 AM > > > To: [ExchangeList] > > > Subject: [exchangelist] RE: OWA 2003 > > > > > > http://www.MSExchange.org/ > > > > > > I don't think so, but hey, to each his own. I think you are > > WRONG. ( > > > my caps work as well). > > > I'll let you carry this argument on with yourself as > isn't worth my > > > energy. > > > > > > > > > > > > > > > -----Original Message----- > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > > > Sent: Sunday, January 22, 2006 11:25 AM > > > To: [ExchangeList] > > > Subject: [exchangelist] RE: OWA 2003 > > > > > > http://www.MSExchange.org/ > > > > > > Hi Andy, > > > > > > You are patently WRONG about that. Where did you get such > incorrect > > > advice? Because whoever told you that is most definitely > > not security > > > minded. > > > > > > You might want to share the rationale you used for this > > assertion so > > > that we can shoot it down sequentially and rationally. > > > > > > Tom > > > > > > Thomas W Shinder, M.D. > > > Site: www.isaserver.org > > > Blog: http://spaces.msn.com/members/drisa/ > > > Book: http://tinyurl.com/3xqb7 > > > MVP -- ISA Firewalls > > > > > > > > > > > > > -----Original Message----- > > > > From: Andy David [mailto:adavid@xxxxxxxxxxxxx] > > > > Sent: Saturday, January 21, 2006 9:57 PM > > > > To: [ExchangeList] > > > > Subject: [exchangelist] RE: OWA 2003 > > > > > > > > http://www.MSExchange.org/ > > > > > > > > http://www.microsoft.com/downloads/details.aspx?FamilyID=E6466 > > > > 6FC-42B7-4 > > > > 8A1-AB85-3C8327D77B70&displaylang=en > > > > > > > > > > > > Don't put it in the DMZ however. That's just foolish. Put a > > > > reverse-proxy in the DMZ if you must. Otherwise, keep the > > Front End > > > > server behind your firewall. > > > > > > > > > > > > > > > > -----Original Message----- > > > > From: Dave Flaim [mailto:thethin@xxxxxxxxxxxxxxxxxxxxxxx] > > > > Sent: Saturday, January 21, 2006 10:41 PM > > > > To: [ExchangeList] > > > > Subject: [exchangelist] OWA 2003 > > > > > > > > http://www.MSExchange.org/ > > > > > > > > Is it possible to install OWA on a separate server than > > the Excange > > > > 2003 server - ie. we would like to place he OWA server in > > > the DMZ. Of > > > > > > > so does anyone have a procedure or reference? > > > > > > > > Thanks > > > > Dave Flaim > > > > CVI > > > > > > > > ------------------------------------------------------ > > > > List Archives: > > > > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > > > > Exchange Newsletters: > > http://www.msexchange.org/pages/newsletter.asp > > > > ------------------------------------------------------ > > > > Visit TechGenix.com for more information about our other sites: > > > > http://www.techgenix.com > > > > ------------------------------------------------------ > > > > You are currently subscribed to this MSExchange.org > > Discussion List > > > > as: > > > > adavid@xxxxxxxxxxxxx To unsubscribe visit > > > > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > > > > Report abuse to info@xxxxxxxxxxxxxx .org > > > > > > > > ------------------------------------------------------ > > > > List Archives: > > > > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > > > > Exchange Newsletters: > > http://www.msexchange.org/pages/newsletter.asp > > > > ------------------------------------------------------ > > > > Visit TechGenix.com for more information about our other sites: > > > > http://www.techgenix.com > > > > ------------------------------------------------------ > > > > You are currently subscribed to this MSExchange.org > > Discussion List > > > > as: tshinder@xxxxxxxxxxx To unsubscribe visit > > > > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > > > > Report abuse to info@xxxxxxxxxxxxxx > > > > > > > > > > > > > > ------------------------------------------------------ > > > List Archives: > > > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > > > Exchange Newsletters: > http://www.msexchange.org/pages/newsletter.asp > > > ------------------------------------------------------ > > > Visit TechGenix.com for more information about our other sites: > > > http://www.techgenix.com > > > ------------------------------------------------------ > > > You are currently subscribed to this MSExchange.org > Discussion List > > > as: > > > adavid@xxxxxxxxxxxxx > > > To unsubscribe visit > > > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > > > Report abuse to info@xxxxxxxxxxxxxx > > > ge.org > > > > > > ------------------------------------------------------ > > > List Archives: > > > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > > > Exchange Newsletters: > http://www.msexchange.org/pages/newsletter.asp > > > ------------------------------------------------------ > > > Visit TechGenix.com for more information about our other sites: > > > http://www.techgenix.com > > > ------------------------------------------------------ > > > You are currently subscribed to this MSExchange.org > Discussion List > > > as: tshinder@xxxxxxxxxxx To unsubscribe visit > > > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > > > Report abuse to info@xxxxxxxxxxxxxx > > > > > > > > > > ------------------------------------------------------ > > List Archives: > > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this MSExchange.org Discussion List > > as: > > adavid@xxxxxxxxxxxxx > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > > Report abuse to info@xxxxxxxxxxxxxx > > hange.org > > > > ------------------------------------------------------ > > List Archives: > > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this MSExchange.org Discussion List > > as: tshinder@xxxxxxxxxxx To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > > Report abuse to info@xxxxxxxxxxxxxx > > > > > > ------------------------------------------------------ > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this MSExchange.org > Discussion List as: > adavid@xxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Report abuse to info@xxxxxxxxxxxxxx > abuse to info@xxxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this MSExchange.org > Discussion List as: tshinder@xxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Report abuse to info@xxxxxxxxxxxxxx > >