Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
887
Views
0
Helpful
4
Replies

Mailserver on a DMZ interface

ethutchinson
Level 3
Level 3

‎08-22-2007 10:16 AM - edited ‎03-11-2019 04:01 AM

What would be the advantages/disadvantages to having your internal Mailserver on the DMZ interface of an ASA5510?

Thanks

Labels:
0 Helpful
4 Replies 4

anandramapathy
Level 3
Level 3

‎08-22-2007 10:53 AM

Advantage -

Your Internal Network would be secure if your rules are good. If a virus hits your mail server, your Internal network would be still secure.

Disadvantages -

If it is an exchange server, then you need to open up lots of ports to the Internal network for the Domain related communication : )

You need to take care of backup which may involve additional routing config on the server like putting 2 NIC cards.

One for internal communication & 1 for the DMZ interface.

YOu need to do some jugglery with the Static routing on the mail server.

HTH - Pls rate if this helps

0 Helpful

kholford
Level 1
Level 1
In response to anandramapathy

‎08-23-2007 07:29 AM

I'm jumping in on this conversation but am wondering about putting 2 NICs in the mailserver in the DMZ - one NIC to the DMZ and one NIC to the inside. If the server is going to have a connection to the inside network then why even put it in the DMZ? Wouldn't that addition create another route inside your internal network?

0 Helpful

anandramapathy
Level 3
Level 3
In response to kholford

‎08-23-2007 07:50 AM

You are right, This is definitely not a good practice, care has to be taken that Routing between the 2 Interfaces must not be enabled.

another option is to backup through the firewall which will definitely load the Firewall.

However if you are keen on High Security, then put the mail server in the Inside & open up ports to the Internet

Another option is to use a Frontend - backend mail server config where the frontend is exposed to the Internet & placed in the DMZ.

Backend server is in the Inside which serves all the data to the Frontend.

0 Helpful

kholford
Level 1
Level 1
In response to anandramapathy

‎08-23-2007 08:16 AM

I like the idea of putting the mail server in the DMZ or creating a Bastion Host mail server in the DMZ and the real mail server on the inside. If you put the mail server in the DMZ you could just image/ghost it and then not back it up nightly. There really shouldn't be too much data on the server so you could just back it up monthly.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card