On 5/1/05, Jason Gomes wrote:
> What is the preferred placement for a OWA front-end server given these
> two possible network configurations and why?
>=20
> 1) [Internet] <=3D=3D> [PIX Firewall] <=3D=3D> [ISA Proxy] <=3D=3D> [PIX =

Firewall]
> <=3D=3D> [OWA] <=3D=3D> [Internal Net w/Exchange Svr]
>=20
> 2) [Internet] <=3D=3D> [PIX Firewall] <=3D=3D> [ISA Proxy] <=3D=3D> [OWA]=

<=3D=3D> [PIX
> Firewall] <=3D=3D> [Internal Net w/Exchange Svr]
>=20
> Notes:
> The ISA server is performing a reverse proxy for HTTPS connections.
> In #1, the backend firewall will only allow port 443 through to OWA.
> In #2, all ports required for OWA to communicate with the internal
> exchange server is allowed.


What type of clients? Road warrior employees with laptops? If so, how abou=
t:

3) Verified client with proprietary VPN client and AES 256 -> Big bad
Innernat -> Firewall only allowing connections from proprietary VPN
client -> ISA Proxy -> OWA & Exchange

....D
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/li...rewall-wizards