
RE: [FW1] Outlook Web Access - Best practice with FW-1



I'm currently debating the same setup.

What I've noted so far is that:

- The OWA server is in the DMZ, while the Exchange server should stay on the
LAN.
- There's a registry edit in Exchsv 5.5 that lets you specify the range of
random ports that it will connect to the OWA server with (or moreover, allow
incoming SMTP).
- Open those ports up between the OWA DMZ and the LAN, and only allow
traffic from a static-NATted address given to the OWA server to the address
of the Exchange server on the LAN. I use 172.16.x.x here, so the address
would be the "real" address of my OWA server -> the NAT address of the OWA
server -> the 172.16.x.x address of the Exchange server.

If OWA is on a networked subnet, wouldn't it have to sit on the LAN? In
which case you'd be allowing port 80 directly in, right?

My .2c...

- C


-----Original Message-----
From: Adams, Gavin [mailto:[email protected]]
Sent: Thursday, January 18, 2001 9:54 AM
To: Adrian Wilson; [email protected]
Subject: RE: [FW1] Outlook Web Access - Best practice with FW-1



Some thoughts:

1) Stick the OWA server onto a screened subnet
2) If running Exchange 2000, be prepared to open up Active Directory
domain authentication between the OWA box (front-end) and the Exchange
Server (back-end). As I understand it, Exchange 5.5 allows for a little
better segregation between the front/back-end.
3) SSL the OWA box
4) If possible, drop a host-based IDS on the OWA box to check the IIS
logs, system files etc. Network IDS for the screened subnet is even
better.

These are just a few best practices specific to OWA.

HTH,

--- Gavin

 -----Original Message-----
From: 	Adrian Wilson [mailto:[email protected]] 
Sent:	Thursday, January 18, 2001 07:23
To:	[email protected]
Subject:	[FW1] Outlook Web Access - Best practice with FW-1


I am intending to implement Outlook Web Access through to the Internet.
I am concerned that the implementation should be as secure as possible and
would like to gather information regarding best practice. Any help would be
much appreciated.

Adrian J G Wilson
VEGA Group PLC


========================================================================
========
     To unsubscribe from this mailing list, please see the instructions
at
               http://www.checkpoint.com/services/mailing.html
========================================================================
========
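
The narrow DMZ-to-LAN rule discussed in this thread (only the OWA server's static-NAT address may reach the Exchange server, and only on the pinned port range) can be checked mechanically against an exported rule list. The following is an added example, not part of the original messages and not Check Point tooling; the rule format, addresses, and port range are constructed placeholders.

```python
import ipaddress

# Constructed placeholder values; none of these come from the thread.
OWA_NAT = ipaddress.ip_network("192.0.2.10/32")     # static-NAT address of the OWA server
EXCHANGE = ipaddress.ip_network("172.16.0.25/32")   # Exchange server on the LAN
LAN = ipaddress.ip_network("172.16.0.0/16")         # internal network
PORT_LO, PORT_HI = 5000, 5020                       # range pinned by the registry edit (assumed)

# Constructed sample rule base in a hypothetical export format.
SAMPLE_RULES = [
    {"name": "owa-to-exchange", "src": "192.0.2.10/32", "dst": "172.16.0.25/32",
     "ports": (5000, 5020), "action": "accept"},
    {"name": "dmz-any-to-lan", "src": "192.0.2.0/24", "dst": "172.16.0.0/16",
     "ports": (1024, 65535), "action": "accept"},
    {"name": "web-in-to-owa", "src": "0.0.0.0/0", "dst": "192.0.2.10/32",
     "ports": (443, 443), "action": "accept"},
    {"name": "http-direct-to-lan", "src": "0.0.0.0/0", "dst": "172.16.0.30/32",
     "ports": (80, 80), "action": "accept"},
    {"name": "cleanup", "src": "0.0.0.0/0", "dst": "0.0.0.0/0",
     "ports": (0, 65535), "action": "drop"},
]

def audit(rules):
    """Return (rule name, problem) for every accept rule that reaches the LAN
    more broadly than OWA_NAT -> EXCHANGE on the pinned port range."""
    findings = []
    for rule in rules:
        if rule["action"] != "accept":
            continue
        src = ipaddress.ip_network(rule["src"])
        dst = ipaddress.ip_network(rule["dst"])
        if not dst.overlaps(LAN):
            continue  # rule never touches the internal network
        if not src.subnet_of(OWA_NAT):
            findings.append((rule["name"], "source is wider than the OWA NAT address"))
        if not dst.subnet_of(EXCHANGE):
            findings.append((rule["name"], "destination is not limited to the Exchange server"))
        lo, hi = rule["ports"]
        if lo < PORT_LO or hi > PORT_HI:
            findings.append((rule["name"], "ports fall outside the pinned range"))
    return findings

if __name__ == "__main__":
    for name, problem in audit(SAMPLE_RULES):
        print(f"{name}: {problem}")
```

The `http-direct-to-lan` sample rule models the case raised in the reply, where placing OWA on the LAN would mean allowing port 80 straight in from outside.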







 
   All contents © 2004 Network Presence, LLC. All rights reserved.