November 30th, 2004, 05:19 PM
Hi, I've been reading a lot about the FrontEnd-BackEnd Exchange 2003 architecture.
Now we have (Exchange 2000) FE Server on a DMZ with a public IP, and a BE Server on the corporate network with a private IP and tons of ports open from FE to BE and Domain Controllers for authentication stuff...
We are in the process of migrating to 2003... and I think that the best solution will be to install both servers (FE and BE) on the corporate network, and do NAT from a public address to a private FE IP (using only port 443 for SSL). What do you guys think about it?
By the way, any good HIDS I could use in the front end?
November 30th, 2004, 07:50 PM
I would never put any type of Exchange server into a fully accessible DMZ. Using NAT is the only good solution. Since you said you are moving to 2003, you will probably want to read up on the RPC over HTTP functionality that you get with 2003.
MS recommendations on securing your front-end/back-end configuration-
One of the better examples of how to use RPC over HTTP is here- http://support.microsoft.com/default...b;en-us;840255
How to configure it-
Also, as for good IDS filters that are written for OWA, the only ones that I'm aware of are the ones that come with ISA Server.