Publishing OWA 2010 seurily in DMZ (Full Version)

All Forums >> [Microsoft Exchange 2010] >> Outlook Web Access



Message


Majid Bin Sawad -> Publishing OWA 2010 seurily in DMZ (7.Dec.2011 12:36:12 AM)

Gentlemen,

We have MS exchange 2010 in our org. we want to be able to access our mailboxes through OWA when we are at home using a web browser. What is the best way to publish OWA in the DMZ considering:

1- We have a web proxy (Websense) which is by the way not a reverse proxy.

2- We have an email gateway (Websense as well).

3- Our network is protected using 2 layers of firewalls.

4- We don't want to use MS TMG / MS ISA, since we already have firewalls and a proxy.

5- We got a Juniper SA box, but the number of concurrent sessions is very limited.

6- We want to maintain the security as much as possible.


So,

What are your advices?

Thanks in advance




mark@mvps.org -> RE: Publishing OWA 2010 seurily in DMZ (7.Dec.2011 7:46:29 AM)

Upgrade your option 5 or replace it with something else.
Just know that the CAS is not allowed in the DMZ so don't even make that option 7.




Majid Bin Sawad -> RE: Publishing OWA 2010 seurily in DMZ (7.Dec.2011 11:22:27 AM)

Thanks Mark for your response.

What about the way mentioned here:
http://community.spiceworks.com/topic/170411-exchange-2010-owa-and-edge

Is it secure/ recommended? Is there any problem in applying it?
Because it seems that is exactly what we need.

Please advise

Regards,




Majid Bin Sawad -> RE: Publishing OWA 2010 seurily in DMZ (10.Dec.2011 2:17:26 PM)

Any help ..




mark@mvps.org -> RE: Publishing OWA 2010 seurily in DMZ (10.Dec.2011 8:09:57 PM)

Do it if you want.
If it stops working you can't call Microsoft.
Apart from that, who cares. If you want to md the guy says it's ok, do it.




Majid Bin Sawad -> RE: Publishing OWA 2010 seurily in DMZ (11.Dec.2011 12:54:42 AM)

Thanks Mark,

So what is Microsoft recommendation?

Because it obvious from your reply that this approach is not recommended.

Regards,




mark@mvps.org -> RE: Publishing OWA 2010 seurily in DMZ (11.Dec.2011 7:22:29 AM)

Direct 443 to the CAS. If you are a small business you can still use TMG/ISA.
Be less paranoid.
Use Juniper or Cisco or one of a myriad of other solutions.




Page: [1]