Exchange Server Forums
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
WatchGuard + ISA + Exchange = ???
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
 Limited time MSExchange.org offer! -- 1.Sep.2008 1:00:00 PM
|
|
TechGenix and SolarWinds have partnered to provide free copies of SolarWinds Exchange Monitor to all visitors who join the MSExchange.org Forums. SolarWinds Exchange Monitor is a handy desktop dashboard that continuously monitors Microsoft Exchange to deliver real-time insight into Exchange services, mail queue sizes, and host server health. Learn more about Exchange Monitor and the free offer!
|
WatchGuard + ISA + Exchange = ??? - 11.May2004 6:37:00 PM
|
|
|
eckinator
Posts: 26
Joined: 11.May2004
From: Hamburg, Germany
Status: offline
|
Hey there, everyone
I have a question regarding how to best set up access to my network - I have a watchguard firebox, one license of ISA 2000 standard and one each of exchange 2003 standard & enterprise. I have looked into the various ways of setting up my network and have found out that:
- you do not set up and exchange front-end/back-end topology with the front end in the DMZ because the front end needs to connect to an ADS and thus makes the whole concept of a DMZ pointless because of all the ports that must be opened
- when you publish OWA through an ISA server, traffic is not exactly well inspected or filtered but rather passed right on
- noone is quite so sure about how to set up a front-end/back-end firewall topology with ISA and a watchguard and where to place the DMZ (on the firebox DMZ interface, on an ISA DMZ interface or between the two and if so on which firebox interface)
Right now I am thinking of placing the exchange front and back end in the internal network and sticking ISA in the DMZ as an SMTP relay - which brings me to my question finally =)
a) does that sound like the best way to go with the means available?
b) should isa be run in firewall or integrated mode?
c) does it make a huge difference whether I use w2k or w2k3 server as the ISA platform?
d) can you give me pointers on tutorials / guides etc for this or the setup you recommend?
Thank you so much!
Eckehard
|
|
|
|
RE: WatchGuard + ISA + Exchange = ??? - 11.May2004 7:44:00 PM
|
|
|
Henrik Walther
Posts: 6849
Joined: 21.Nov.2002
From: Copenhagen, Denmark
Status: offline
|
Hi Eckehard,
I agree you should place the FE Server on your internal network and then put the ISA Server in your DMZ.
Below you will find a good document which describes exactly when you want to accomplish:
Using ISA Server 2000 with Exchange Server 2003
Concerning your question about ISA Server OS etc. I suggest you head over to ISAServer.org and find the appropriate article, if you can't find your answers then ask in their forum, they have some very competent ISA experts.
[ May 11, 2004, 09:03 PM: Message edited by: Henrik Walther ]
|
|
|
|
RE: WatchGuard + ISA + Exchange = ??? - 11.May2004 8:48:00 PM
|
|
|
eckinator
Posts: 26
Joined: 11.May2004
From: Hamburg, Germany
Status: offline
|
Thank you, Henrik!
One more question though, please:
Will I actually need the FE server or is it overkill (in both security and performance terms) for my anticipated scenario as outlined below?
55 users, current data volume 15 GB down from 30 after heavy delete operation, (mailbox quotae to be 500 MB as of migration) typically 300 MB fax & email traffic / day, typically no more than 5 concurrent OWA / OMA sessions, typical spam load 15%, no POP3 / IMAP access from outside, future watchguard VPN ex2k3 connector traffic very likely, branch office size approx. 20 users
Also, if you can, please tell me, should I put all users into one database / mail store or should I split them up and if so, what is the recommended size per database / mail store?
Thank you very much again
Eckehard
|
|
|
|
|
RE: WatchGuard + ISA + Exchange = ??? - 12.May2004 1:14:00 PM
|
|
|
Henrik Walther
Posts: 6849
Joined: 21.Nov.2002
From: Copenhagen, Denmark
Status: offline
|
Hi again Eckehard,
If you have an ISA Server in place and only one BE Server, then yes it could be overkill.
It's always good to split your users up in multiple mailbox stores, especially when speaking disaster recovery, but when you're only dealing with 55 users and 15GB it might not be necessary. Only if you for example needs to apply different mailbox limits to your users in each department.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
