Edge server firewall/nic HW setup
I am setting up a 2007 Edge server. I have an Exchange 2003 server which is also running Active Directory. I have 2 new Windows 2008/Exchange 2007 servers in a cluster (CCR). I have 2 hub transport/client access servers running w2008/ex2007.
I have the new setup running to the point where I can send and receive mail on both Exchange 2003 and 2007. I need to add the Edge server to the mix. I have the Edge server 2007 and Forefront software installed on a standalone server. I need to connect it to the production environment, so I need to move carefully.
I understand that the recommended setup for the Edge server has two firewalls. Currently my firewall has the external address of my network associated with it. Where does the second recommended firewall go? I was thinking that the new firewall would go inside the Edge server, but perhaps it should go outside it? What settings does the second firewall need?
I'm also wondering how to set up the 2 nics in the edge server, but perhaps understanding the role of the second firewall will make that more clear.
Thanks so much for sharing your experience.
October 13th, 2008 6:29pm
Hi,
There is no need for 2 nics in an edge server. 2 nics don't give any added functionality, so just go ahead with one nic.
Leif
October 13th, 2008 10:55pm
Okay, I can use just one nic. But how do I physically connect it? Where do I plug that one nic into? I want the edge server in the DMZ. I didn't join it to the domain.
October 13th, 2008 11:26pm
Hi,
You need a DMZ (your FW people must be able to configure your firewall with this) and then just connect the nic to the DMZ.
After the configuration of the DMZ you need to open the necessary ports and you should be ready to go.
Or don't I understand your question?
Leif
October 14th, 2008 12:45am
Hi Leif,
Thanks for your patience with me. Problem is, I am the FW people, and the exchange people, and the AD people.... you get the picture. It's just me. I'm trying to figure this out on my own. I understand where the Edge server should go, but I can't find any specifics. How do I set up a DMZ on a Tipping Point X505? What address do I use for the Edge nic? What ports do I forward? There's lots of EdgeSW setup info on the web, but I'm trying to understand the HW setup. Like, how do I set the firewall settings so what needs to go through goes through, but the Edge server is protected?
October 14th, 2008 5:26am
Hi,
As we mainly discuss Exchange issues, regarding how to set up a DMZ on a Tipping Point X505 or issues about deploying a DMZ, you'd better write a post on our Windows Server Network Access Protection forum:
http://social.technet.microsoft.com/Forums/en/winserverNAP/threads/
Thank you for your understanding,
Elvis
October 15th, 2008 6:05am