Exchange 2007 completely in a DMZ
Hello Guys, i have the following Question: Is it possible to place the Roles CAS/HUB/MAILBOX/Domaincontrollerall together in a "LAN-DMZ" (The Edge goes in a second "Internet-DMZ")? Our Customer wants this solution to Secure there LAN against the Provider who Administrate the Exchange... In this Case all Exchange-Roles and Domaincontrollers have full contact to each other, only the Clients (POP, MAPI, IMAP, HTTP) must go through a Firewall toaccess them. Is this Solution possible and supported? Could a statfull inspection Firewall manage the MAPI/RPC Connects from the Clients to Exchange/Domaincontroller? Thank you
April 23rd, 2008 8:28am

Hi, It is possible to to place the Roles CAS/HUB/MAILBOX/Domaincontroller all together in a "LAN-DMZ". You have to open ports required for AD and Exchange CAS/HUB/MAILBOX. Aslo you have to Static port mappings for MAPI client computers to connect to Exchange 2007. You can Find Port Required for Exchange 2007 Exchange 2007 port requirements here: http://technet.microsoft.com/en-us/library/bb691338(v=exchg.80).aspx The Edge goes in a second "Internet-DMZ" and have to open LDAP: Port 50389/TCP Secure LDAP: Port 50636/UDP SMTP: Port 25/TCP Optional: enable RDP: Port 3389/TCP Regards, Mani Bhushan
Free Windows Admin Tool Kit Click here and download it now
February 5th, 2012 10:33pm

Hi, This solution isn't supported. In fact, MS recommand that MAilbox, Hub and CAS servers must be on LAN. You can visit this link for more information. http://social.technet.microsoft.com/Forums/en-US/exchangesvrdeploy/thread/f73be787-9381-48c2-8732-841219159e4d/ Best regards.Best Regards Don't forget to mark it as answer if it helps
February 6th, 2012 9:42am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics