I'm about to deploy Exchange 2013 in an existing 2007 environment. I've already done most of the migration (right patch level, installed both 2013 CAS and MB server).
I haven't done the change over yet though (internal and external DNS, SCP's etc)
We have a primary preexisting receive connector which uses the IP address list to control who relays through the hub transport. Since our environment it NAT.. split DNS. We have a spam/virus FW that the MX records point to, then it sends mail to the 2007 hub transport, and it's ip is in the primary receive connector.
So I'm looking through the configuration just to make sure I've thought everything through and I notice for the new CAS server, which when I pull the trigger will become the primary receiver, routing communication to the legacy infrastructure when the time comes, and I notice new receive connectors.
Client Frontend
Default Frontend
Outbound Proxy Frontend
So i have two questions.
1. I'm watching a training video and I notice in this guys lab he also has two more connectors, client Proxy (HubTransport) and Default (HubTransport). I assume I don't have those yet because my 2007 server is my hub transport, and i haven't moved the hub transport role over to the new cas server yet. That will come in a later migration phase. Am I corrent?
2. In the existing Default Frontend receive connector, in the scope section, it's ip range is wide open which I imagine happens by default during installation. Should I restrict that to match my 2007 receive connector?
When I do the migration, I don't want to leave a gaping security hole allowing external users to relay off my new server, but i'm not exactly sure how this new receive connector works since the hub transport role isn't changed. When I do this first phase of my migration, I will be changing my spam/virus FW to route mail to the new CAS along with other changes like DNS for Outlookanywhere etc..
Any help is greatly appreciated!