Stefaan, Thanks for the reply. When I said users I was talking about everyone with a private IP. As far as external users, I will have two types: 1. VPN over dial-up connections (employees) who will access Exchange and the internal network, and 2. People who will access the website (80 & 443). Hope this helps. -----Original Message----- From: Stefaan Pouseele [mailto:stefaan.pouseele@xxxxxxx] Sent: Thursday, December 27, 2001 3:11 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Web and Email servers... to DMZ or not to DMZ http://www.ISAserver.org Hi Barrett, you are talking about very sensitive information on your SQL server and you want to use the full blown Exchange client. Whatever firewall you choose this always a tricky problem. Before I can give you some advice, what is the scope of the user population? Should those services be available to the general public or only to a very well defined user population (i.e. internal users who work from the outside)? Can you elaborate on that? I ask that question because the full blown Exchange client is not very firewall friendly at the protocol level. Also, because the webserver need access to very sensitive information, you'll have to shield that server as much as possible. Regards, Stefaan -----Original Message----- From: Barrett Fowler [mailto:bfowler@xxxxxxxxxxxxxx] Sent: donderdag 27 december 2001 20:08 To: [ISAserver.org Discussion List] Subject: [isalist] Web and Email servers... to DMZ or not to DMZ http://www.ISAserver.org I would just like some advice. I am doing some planning before purchasing ISA as a firewall/proxy/cache server. I have a webserver and an email server that I thought I might like to put into a DMZ. The webserver must make requests to a SQL server, this would violate my internal network assuming my SQL server is on the internal network. The SQL data is very sensitive and must remain inside the internal network. Should I just publish my web and email servers and forget the DMZ? How secure is publishing compared to a DMZ? I would also like my users to be able to use the full blown Exchange client. Thanks in advance for all of your help. Cheers, Barrett ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: stefaan.pouseele@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bfowler@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')