05-02-2004 04:47 PM - edited 02-20-2020 11:22 PM
Hi,
Recently I have to install a PIX with three interfaces to protect an MS Exchange system. A front-end Exchange 2003 server will be placed in the DMZ. A back-end Exchange 2003 server, together with the Domain Controller and Global Catalog Server, will be placed in the internal network. And these two MS Exchange servers have to be synchronized with other MS Exchange servers on other remote sites. I have done some research on this and found that there are so many ports that have to be opened on the firewalls. Very confusing. Can anybody provide a sample PIX configuration for this? Your help is much much appreciated.
Andrew
05-02-2004 06:00 PM
Hi,
Just more information:
1) Other Exchange servers on remote sites are Exchange 5.5
2) There will be three servers in the internal network: a back-end Exchange 2003 server, and two Windows 2003 Domain Controllers
Thanks
Andrew
08-10-2004 01:34 PM
Andrew,
I was wondering if you ever came to a solution on this. I am currently trying to set up the same configuration. Any help would be greatly appreciated.
Thanks,
Jeff
08-10-2004 08:12 PM
Hi there,
It's simple stuff. I would recommend doing as follows:
Keep your front-end server in the DMZ.
Configure a secure connection on it and allow no access but 443. Direct traffic on the SSL port coming in to the public interface IP on to the FES. Hack the registry of the various internal network servers to keep RPC to one port; this will keep you from opening lots of ports for authentication.
Let your Global Catalog server and back-end Exchange server be in the internal, higher-security-level network.
Open 389 and 3268 for LDAP and GCS communication to the internal network. DNS and AH or ESP will be needed (the latter two only for IP security), which depends on the mode of encryption used.
If you are more worried about hackers on your internal subnet, then I would go for an IP security implementation for the internal and FES network.
That's it.
Very simple.
Cheers
Vivek B Bakal
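A check for the rule set the reply above describes, as an added example that is not part of the thread: it parses PIX `access-list` permit lines and reports any that go beyond 443 to the front-end server, or LDAP (389), global catalog (3268) and DNS from it to the internal network. The addresses, the ACL names `outside_in` and `dmz_in`, the sample lines, and the `rpc_port` parameter (for the single pinned RPC port, whose value the thread does not give) are assumptions.

```python
import re
# Constructed addresses and ACL names; none of them come from the thread.
FES_PUBLIC, FES_DMZ = "192.0.2.10", "172.16.1.10"
NAMED_PORTS = {"https": 443, "ldap": 389, "domain": 53, "smtp": 25, "www": 80}
# Flows the reply names: 443 to the front end; LDAP, GC and DNS from it inward.
ALLOWED = {"outside_in": {("tcp", 443)},
           "dmz_in": {("tcp", 389), ("tcp", 3268), ("tcp", 53), ("udp", 53)}}
ADDR = r"(any|host\s+\S+|\d+\.\S+\s+\d+\.\S+)"
PERMIT = re.compile(r"^access-list\s+(\S+)\s+permit\s+(\S+)\s+" + ADDR
                    + r"\s+" + ADDR + r"(?:\s+eq\s+(\S+))?$")

def audit(config, rpc_port=None):
    """Return (line, reason) for every permit outside the thread's port list."""
    allowed = {name: set(ports) for name, ports in ALLOWED.items()}
    if rpc_port is not None:  # the one pinned RPC port; its value is site-specific
        allowed["dmz_in"].add(("tcp", rpc_port))
    findings = []
    for line in map(str.strip, config.splitlines()):
        if not (line.startswith("access-list ") and " permit " in line):
            continue  # deny entries and unrelated commands
        m = PERMIT.match(line)
        if not m:  # "range", "gt" and the like open many ports at once
            findings.append((line, "port range or unparsed permit"))
            continue
        acl, proto, src, dst, port = m.groups()
        if port is None:
            findings.append((line, "no port restriction"))
            continue
        port = str(NAMED_PORTS.get(port, port))
        if not port.isdigit() or (proto, int(port)) not in allowed.get(acl, set()):
            findings.append((line, f"{proto}/{port} not in allowed list"))
        elif acl == "outside_in" and dst.split()[-1] != FES_PUBLIC:
            findings.append((line, "destination is not the front-end server"))
        elif acl == "dmz_in" and (src.split()[-1] != FES_DMZ or dst == "any"):
            findings.append((line, "not a front-end-to-named-host flow"))
    return findings

SAMPLE = """\
access-list outside_in permit tcp any host 192.0.2.10 eq https
access-list outside_in permit tcp any host 192.0.2.10 eq www
access-list dmz_in permit tcp host 172.16.1.10 host 10.1.1.5 eq ldap
access-list dmz_in permit tcp host 172.16.1.10 host 10.1.1.5 eq 3268
access-list dmz_in permit udp host 172.16.1.10 host 10.1.1.5 eq domain
access-list dmz_in permit tcp host 172.16.1.10 10.1.1.0 255.255.255.0 range 1024 65535
access-list dmz_in permit ip any any
"""

if __name__ == "__main__":
    print("\n".join(f"{reason}: {line}" for line, reason in audit(SAMPLE)))
```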