Q

Setting up ISA servers

I currently have my front-end OWA/IMAP servers and my SMTP servers in our DMZ behind a Cisco PIX firewall. It has been recommended that I set up ISA servers to sit in the DMZ and place the front-end servers behind the inside firewall. This is supposed to cut down the number of ports that we will be required to open on the inside firewall for these servers to speak with DNS, Active Directory as well as the back-end servers. The Cisco administrator has told me that ISA seems to be simply a software firewall/VPN server/web caching, and as such we would be better served either using NAT, or adding a third PIX into the DMZ. Are there any specific application level benefits of using ISA to secure Exchange communication in addition to using a hardware firewall, or is ISA supposed to be used as a standalone firewall?
You can use Microsoft ISA Server as a standalone firewall, and you can also use it to publish Exchange resources (e.g., OWA, SMTP, IMAP4, POP3, RPC over HTTP). But because an Exchange front-end server needs to communicate with Active Directory before it can proxy a client request to a back-end server, most folks prefer to not put the front-end server in a DMZ. Instead, most folks will open a port on their firewall and direct it to one or more front-end servers inside the network. This would mean you only have to open a single port per protocol (e.g., 443 for HTTPS, 993 for IMAPS and 25 for SMTP).
This was first published in June 2004
