I'm in the process of deploying an install of exchange 2007. I've been asking and reading around about installing the edge server. I'm not sure which implementation to move forward with. If I ask people, @expert exchange, @cisco website, their response is Internet == FW == LAN || || DMZ == Edge Server (Edit: it isn't formatting right but DMZ is connected to FW) But if I read this forum and other sites I always see network diagrams showing Internet == FW == FW == LAN || || DMZ == Edge Server (Edit: it isn't formatting right but DMZ is connected to first FW) Interesting links showing the later setup. http://www.netometer.com/blog/?p=70 http://msmvps.com/blogs/ehlo/archive/2007/08/16/1116308.aspx Thanks

Personally I don't deploy Edge servers, as I don't think they are worth the cost of the additional Exchange licence. However if I did, they would be behind a perimeter firewall, with a second firewall between the Edge and the production network. Ideally the two firewalls would be from different vendors. Anything else simply makes the Edge server completely useless. Simon.Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.

Personally I don't deploy Edge servers, as I don't think they are worth the cost of the additional Exchange licence. However if I did, they would be behind a perimeter firewall, with a second firewall between the Edge and the production network. Ideally the two firewalls would be from different vendors. Anything else simply makes the Edge server completely useless. Simon.Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.

Personally I don't deploy Edge servers, as I don't think they are worth the cost of the additional Exchange licence. However if I did, they would be behind a perimeter firewall, with a second firewall between the Edge and the production network. Ideally the two firewalls would be from different vendors. Anything else simply makes the Edge server completely useless. Simon.Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.

Hi On the occasions where I have deployed edge servers they have been in the double firewall configuration that Simon describes - I think the second of your options is the closest. What I would recommend is looking at the big picture: what are you going to use the Edges for and would a hosted/3rd party/appliance do a better job. If you are just using them for spam filtering seriously consider a hosted/appliance (depending on user numbers and Internet bandwidth) solution. Edges are nice in theory but they need to be maintained and this can be an unnecessary burden on the typical Exchange admin's time. Steve

Hi On the occasions where I have deployed edge servers they have been in the double firewall configuration that Simon describes - I think the second of your options is the closest. What I would recommend is looking at the big picture: what are you going to use the Edges for and would a hosted/3rd party/appliance do a better job. If you are just using them for spam filtering seriously consider a hosted/appliance (depending on user numbers and Internet bandwidth) solution. Edges are nice in theory but they need to be maintained and this can be an unnecessary burden on the typical Exchange admin's time. Steve

Hi On the occasions where I have deployed edge servers they have been in the double firewall configuration that Simon describes - I think the second of your options is the closest. What I would recommend is looking at the big picture: what are you going to use the Edges for and would a hosted/3rd party/appliance do a better job. If you are just using them for spam filtering seriously consider a hosted/appliance (depending on user numbers and Internet bandwidth) solution. Edges are nice in theory but they need to be maintained and this can be an unnecessary burden on the typical Exchange admin's time. Steve

The main reason for deploying an edge server is to provide employees public access to their email and protect the LAN network that can only be accessed via vpn. This install is for 400 users.

The main reason for deploying an edge server is to provide employees public access to their email and protect the LAN network that can only be accessed via vpn. This install is for 400 users.

The main reason for deploying an edge server is to provide employees public access to their email and protect the LAN network that can only be accessed via vpn. This install is for 400 users.

You need to be looking at TMGs instead. Edge servers only handle SMTP routing not remote mail access. If you want secure OWA, OutlookAnywhere and ActiveSync then you need a TMG.

To save a couple of bucks, what about ISA 2006?

To save a couple of bucks, what about ISA 2006?

To save a couple of bucks, what about ISA 2006?

ISA 2006 is fine too, I just used TMG as it's the latest one out. The big advantage of TMG is that if you wanted to create an array (cluster) you only need 2 servers compared to the 3+ you need with ISA. TMG is also 64bit so it can be installed on Server 2008 R2 where ISA cannot. If these aren't big issues for you then go with 2006. The configuration steps are pretty much identical on both editions.

ISA 2006 is fine too, I just used TMG as it's the latest one out. The big advantage of TMG is that if you wanted to create an array (cluster) you only need 2 servers compared to the 3+ you need with ISA. TMG is also 64bit so it can be installed on Server 2008 R2 where ISA cannot. If these aren't big issues for you then go with 2006. The configuration steps are pretty much identical on both editions.

ISA 2006 is fine too, I just used TMG as it's the latest one out. The big advantage of TMG is that if you wanted to create an array (cluster) you only need 2 servers compared to the 3+ you need with ISA. TMG is also 64bit so it can be installed on Server 2008 R2 where ISA cannot. If these aren't big issues for you then go with 2006. The configuration steps are pretty much identical on both editions.