Deploying Exchange 2007, ISA 2006 in a PIX firewall environment.
I'm in the process of deploying Exchange 2007. This is my current setup.
Internet == Pix == LAN
To have the least impact on throughput, I have some questions on deploying Exchange, Edge Transport, and ISA. Would anyone say this is correct?
Internet == ISA == Edge transport == PIX == LAN
or
Internet == ISA == PIX == LAN
PIX DMZ == Edge transport
Thanks in advance.
February 25th, 2012 11:48am
I think your second is closer. Each device (ISA / Edge) provides different functionality. I would set it up as follows:
Internet - PIX - EDGE (in DMZ) - PIX - LAN
Internet - PIX - ISA (dual NIC, Dual DMZ port) - PIX - LAN
This works great and provides more security (ISA dual DMZ - no LAN interface). However, I have also set up this:
Internet - PIX - ISA - LAN
Both will work.
JAUCG
February 25th, 2012 1:46pm
Any updates?
JAUCG
February 25th, 2012 2:44pm
I would not recommend putting the ISA in between Exchange and PIX. I would rather publish the OWA behind ISA or behind the PIX. Publishing behind ISA is much better as it does reverse proxy and authentication gets done via ISA, which is best compared to PIX. On PIX you will have to allow the 443 and forward the traffic to the translated IP, while ISA does inspect the traffic in SSL too.
Check out this blog: tmgblog.richardhicks.com
Where Technology Meets Talent
February 25th, 2012 10:47pm