Mr555
Thu Oct 04 15:13:04 PDT 2007
Thanks
Mr555
"John Oliver, Jr. [MVP]" wrote:
> No FE server is needed here.
>
> --
> John Oliver, Jr
> MCSE, MCT, CCNA
> Exchange MVP 2007
> Microsoft Certified Partner
>
>
> "Mr555" <Mr555@discussions.microsoft.com> wrote in message
> news:2ADACAD4-C85A-4F43-AEC2-7048AD20CD85@microsoft.com...
> > Hello John
> >
> > Sorry about that, I just want to clearify the OWA setup. Do I need a front
> > end server for the SSL , certification configuration ? or just enable SSL
> > on
> > the firewall and use certificate like startcom to work with the internal
> > Exchange serevr. (192.188.0.1) (we only have 1 2003 Exchange server)
> > should
> > work
> >
> >
> > Thank you
> >
> > "Mr555" wrote:
> >
> >> Hello John
> >>
> >> Thank you so much for your recomendations. I will have a read through
> >> those
> >> article and work on it ..
> >>
> >> much appreciated
> >>
> >> Mr555
> >>
> >> "John Oliver, Jr. [MVP]" wrote:
> >>
> >> > With any firewall including ISA you will only need to allow Port 443
> >> > Nat'd
> >> > to the internal IP of your Exchange Server (192.160.0.0), thats all the
> >> > configuration needed. No configuration is necessary on the Exchange
> >> > 2003
> >> > server for OWA other then enabling SSL which will require a
> >> > certificate. I
> >> > prefer using a Commercial Cert from InstantSSL or Versign or Network
> >> > Solutions. If you enable Forms Based Authentication and use Exchange
> >> > Activesync for Windows Mobile Devices you will need look at this
> >> > article,
> >> >
http://support.microsoft.com/default.aspx/kb/817379. For securing OWA
> >> > with
> >> > SSL,
> >> >
http://www.msexchange.org/tutorials/SSL-Enabling-OWA-2003-Using-Free-3rdParty-Certificate.html
> >> >
> >> > As for external URL for users to get into OWA, by default they will be
> >> > able
> >> > to get OWA by external IP or your Mail Record which typically
> >> > mail.yourdomain.com. I prefer to create an additional A Record such
> >> > webmail.yourdomain.com for ease of use for users. Have the company
> >> > responsible for your external DNS records create one for you.
> >> >
> >> > ISA Server will take some learning but its overly difficult to learn.
> >> > The
> >> > only downside of ISA Server I can see is that you will need an
> >> > additional
> >> > server whereas any hardware firewall such as your Netscreen does not.
> >> > I
> >> > would say download and trial ISA to see if its something you want to
> >> > implement. I cannot say anything bad about ISA because its great
> >> > product,
> >> > but if you already have a Corporate Firewall I dont see the need to
> >> > lose
> >> > your initial investment in that.
> >> >
> >> > --
> >> > John Oliver, Jr
> >> > MCSE, MCT, CCNA
> >> > Exchange MVP 2007
> >> > Microsoft Certified Partner
> >> >
> >> >
> >> > "Mr555" <Mr555@discussions.microsoft.com> wrote in message
> >> > news:F032DC68-D3CC-4482-8D91-823039159C53@microsoft.com...
> >> > > Hello John
> >> > >
> >> > > Thank you for your reply in regards to my concern with OWA, we use
> >> > > Netscreen
> >> > > firewall. We have a third party antispam / antivirus gateway on our
> >> > > DMZ,
> >> > > all
> >> > > e-amil will first get filter before relay to our internal exchange
> >> > > server.
> >> > > I
> >> > > have never use OWA, may I ask what sort of configuration require to
> >> > > allow
> >> > > our
> >> > > Firewall direct the traffic from the outside to the internal Exchange
> >> > > Server.
> >> > > Do I need to enable anything on the Exchange server ? client from the
> >> > > outside
> >> > > world would type in https://192.168.0.0(external IP) to access OWA ?
> >> > >
> >> > > We don't have ISA server. IF I go for the ISA option " which is more
> >> > > difficult??", I will have to download the trial version for testing
> >> > > OWA.
> >> > >
> >> > > much appreciated for your suggestion
> >> > >
> >> > > Mr555
> >> > >
> >> > >
> >> > >
> >> > >
> >> > >
> >> > >
> >> > >
> >> > > "John Oliver, Jr. [MVP]" wrote:
> >> > >
> >> > >> ISA Server with Exchange is definitely secure but I would also say
> >> > >> any
> >> > >> Corporate Firewall with Exchange is secure since you are only
> >> > >> allowing
> >> > >> SSL
> >> > >> or Port 443 traffic to Exchange for OWA and RPC over HTTPs. Here is
> >> > >> great
> >> > >> article to get you started with ISA and Exchange setup but as I
> >> > >> stated,
> >> > >> any
> >> > >> Corporate Firewall such as Sonic or Cisco ASA 5500 would protect
> >> > >> your
> >> > >> network.
> >> > >>
> >> > >>
http://www.petri.co.il/configure_isa_to_publish_owa.htm
> >> > >>
> >> > >> --
> >> > >> John Oliver, Jr
> >> > >> MCSE, MCT, CCNA
> >> > >> Exchange MVP 2007
> >> > >> Microsoft Certified Partner
> >> > >>
> >> > >>
> >> > >> "Mr555" <Mr555@discussions.microsoft.com> wrote in message
> >> > >> news:45A31627-1FC0-4CF1-8610-8A060433CD6F@microsoft.com...
> >> > >> > Hello Everyone.
> >> > >> >
> >> > >> > I am looking at setting up a web mail features for the company I
> >> > >> > am
> >> > >> > currently working for. At present we are running Exchange 2003
> >> > >> > Server
> >> > >> > in a
> >> > >> > single domain enviroment, My boss suggested we should enable web
> >> > >> > mail
> >> > >> > features to allow our Senior management to access that e-mail via
> >> > >> > the
> >> > >> > web,
> >> > >> > If
> >> > >> > they like it then we can spent the money and buy a more power
> >> > >> > server
> >> > >> > and
> >> > >> > software for this project. I understand it is unsecure to open
> >> > >> > port on
> >> > >> > the
> >> > >> > firewall to allow user connecting from the outtside world to the
> >> > >> > internal
> >> > >> > exchange server. I also read is not the best option to have the
> >> > >> > front
> >> > >> > end
> >> > >> > server on the DMZ connect to the backend Exchnage server. I was
> >> > >> > told
> >> > >> > best
> >> > >> > to
> >> > >> > use ISA server. unfortunate I have no experience in this area, I
> >> > >> > am
> >> > >> > hoping
> >> > >> > someone here may be able to point me to the right direction for
> >> > >> > this
> >> > >> > setup
> >> > >> > and configuration
> >> > >> >
> >> > >> > Thank you
> >> > >> > Mr555
> >> > >>
> >> >
>