Hi Al, What's nice about using ISA firewalls is that they can perform SSL to SSL bridging, which allows them to examine the contents of the SSL stream. Squid cannot do this and just passes exploits from the remote host to the OWA site. ISA firewalls really do provide a unique level of protection for OWA sites that force SSL links. Thanks! Tom www.isaserver.org/shinder -----Original Message----- From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx] Sent: Friday, November 07, 2003 2:11 PM To: [ExchangeList] Subject: [exchangelist] RE: OWA and Ex2k3 http://www.MSExchange.org/ Typically for a multi-server internet type deployment, you'd want a FE server to handle the obscuring of the BE servers. In other words, you don't want to open tcp 443 to each BE server and publish the server name to the internet, typically. To achieve, this use the FE server as the single point to the internet. And yes, you'd only want to open TCP 443. Even better than opening a TCP port (allow rule) from the internet to the FE server would be to use a layer-7 firewall device that proxie's the conversation between internet and FE server so you can put the FE server on the internal network and not have to worry about integrating that machine into a DMZ and opening access to the Active Directory, DNS, etc. (The FE server must be a member of the forest). ISA works in this capacity as does squid if you prefer open source. I'm sure there're others. Al -----Original Message----- From: A. Michael Salim [mailto:msalim@xxxxxxxxxxxx] Sent: Friday, November 07, 2003 2:59 PM To: [ExchangeList] Subject: [exchangelist] RE: OWA and Ex2k3 http://www.MSExchange.org/ Hi, > OWA is enabled by default. User can access by > http://exchangeservername/exchange/userid > > The user id is usually the first part of your SMTP email ID. If your > email ID is first.last@xxxxxxxxxx, the userid=first.last. Thanks! Can this be accomplished over the Internet (where ports 135 etc. are generally blocked by most ISP's) or can this be used only locally on the LAN? best regards Mike ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------