OWA without ISA server

  • From: "adrian bolzan" <abolzan@xxxxxxxxxxxxxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 7 Jun 2005 19:14:30 +1000

Hi all,

We currently run Exchange 2003 with FE and BE servers.
The FE server is in a DMZ, whilst the BE servers are located on the 
Internal/protected network.
The FE servers are only accessed by staff on our WAN and selected staff via the 
internet (those with permanent IP addresses).
We do not use ISA server, although it is on the horizon, rather using a 
firewall appliance that performs stateful packet inspection, DOS, etc.

Currently, the FE server is part of our domain, and i have opened up all ports 
between the FE server and the BE server and DC's in the protected network, 
whilst restricting access from the internet to those with permanent IP 
addresses on the ADSL/cable connections. If I remember correctly, I can 
configure the communication between the FE server and the DC's to be over a 
single port, which requires registry hacks, although this has not been 

What are your thoughts, with respect to security, on allowing general HTTPS 
access to the FE server for OWA from the internet without ISA server and with 
the scenario i have painted above?


IMPORTANT - This email and any attachments is confidential.
If received in error, please contact the sender and delete
all copies of this email. Please note that any use,
dissemination, further distribution or reproduction of this
message in any form is strictly prohibited. Before opening or
using attachments, check them for viruses and defects.
Regardless of any loss, damage or consequence, whether caused
by the negligence of the sender or not, resulting directly or
indirectly from the use of any attached files, our liability
is limited to resupplying any affected attachments. 
Any representations or opinions expressed in this email are
those of the individual sender, and not necessarily those
of the Capital Transport Services.

Other related posts: