Exchange 2007 completely in a DMZ
		
	Hello Guys,
i have the following Question:
Is it possible to place the Roles CAS/HUB/MAILBOX/Domaincontrollerall together in a "LAN-DMZ" (The Edge goes in a second "Internet-DMZ")?
Our Customer wants this solution to Secure there LAN against the Provider who Administrate the Exchange...
In this Case all Exchange-Roles and Domaincontrollers have full contact to each other, only the Clients (POP, MAPI, IMAP, HTTP) must go through a Firewall toaccess them.
Is this Solution possible and supported? Could a statfull inspection Firewall manage the MAPI/RPC Connects from the Clients to Exchange/Domaincontroller?
Thank you		
				April 23rd, 2008 8:28am
			Hi,
It is possible to to place the Roles CAS/HUB/MAILBOX/Domaincontroller all together in a "LAN-DMZ".
You have to open ports required for AD and Exchange CAS/HUB/MAILBOX. Aslo you have to Static port mappings for MAPI client computers to connect to Exchange 2007.
You can Find Port Required for Exchange 2007
Exchange 2007 port requirements here: 
http://technet.microsoft.com/en-us/library/bb691338(v=exchg.80).aspx
The Edge goes in a second "Internet-DMZ" and have to open
LDAP: Port 50389/TCP Secure LDAP: Port 50636/UDP SMTP: Port 25/TCP Optional: enable RDP: Port 3389/TCP 
 Regards, Mani Bhushan		
				Free Windows Admin Tool Kit Click here and download it now
					February 5th, 2012 10:33pm
			Hi,
This solution isn't supported. In fact, MS recommand that MAilbox, Hub and CAS servers must be on LAN.
You can visit this link for more information. 
http://social.technet.microsoft.com/Forums/en-US/exchangesvrdeploy/thread/f73be787-9381-48c2-8732-841219159e4d/
Best regards.Best Regards Don't forget to mark it as answer if it helps		
				February 6th, 2012 9:42am
			 Other recent topics
			Other recent topics
		

