04-14-2014 12:51 PM
04-15-2014 01:09 AM
Mobile phones with ActiveSync are a completely different thing than SMTP data.
If you want to have maximum security, then you need some kind of proxy with reverse proxy for Outlook Web Access and ActiveSync, and ESA for antispam.
So this is how it would look:
Email data:
Incoming:
Internet -> Firewall (NAT) -> Cisco ESA -> Exchange
Outgoing:
Exchange -> Cisco ESA -> Firewall (NAT to public MX IP) -> Internet
Mobile phones (OWA):
Incoming:
Internet (to public DNS, e.g. webmail.domain.com) -> Firewall (NAT to Proxy) -> Reverse Proxy -> Exchange
When a user sends mail over ActiveSync, the mail goes -> Exchange -> ESA -> Firewall -> Internet, so you have your point of security.
So you have public DNS for
ActiveSync -> A and PTR record
Email -> A, PTR and MX.
You can route with NAT on the firewall port 22 to Cisco ESA and 443 to the reverse proxy if you don't have public IPs.
And remember to create FULL NAT when you route from the internet to ESA, so ESA can see the real MX public IP address, because of IP reputation filtering.