Results 1 to 10 of 10
  1. #1

    Question Dedicated Exchange box..

    Just wondering if there are any windows hosters out there with remote exchange boxes.

    I've seen posts with Kerio Firewall and Spam software.

    Is the best solution for remote exchange servers to have a Hardware Firewall (if budget permits) as opposed to these software firewalls?

    If you guys could please list software firewalls/vpn alternatives and/or hardware that would be optimal.

    I've been looking at a couple of different firewalls, please provide input if you have experience with this.

    Cisco PIX 500 Series
    M$ ISA 2004

    I'm leaning towards the ISA 2004 server because of its multifunctionality and application level security. Are there any alternatives to this that will provide Firewall and VPN access?

  2. #2
    Join Date
    Jan 2003
    Eastern USA
    We do exchange 2003 remote hosting and we use a Netscreen 5 which works great ping me on icq if you want more info. I know people that use ISA server but its more of an application layer firewall. I would put it behind a hardware firewall for added protection.

    ICQ 168218476


  3. #3
    Join Date
    Dec 2001
    3,640 would be a wise choice - they've been doing it for awhile.
    Simpli Networks, LLC :: :: Proudly 100% Owned.
    Providing Affordable Managed Cloud/VPS Servers & Server Management Solutions.
    We offer REAL 24x7x365 in-house support - proudly serving our customers since 2005!
    Want to learn more? Give us a call - +1 (844) 4SIMPLI or email sales[@] today!

  4. #4
    I'm not looking for a exchange host. I want to know how these people protect their clients. I'm more interested in the security measures these guys use.

    But thanks for the input.

  5. #5
    Join Date
    Nov 2002
    Originally posted by jslivko would be a wise choice - they've been doing it for awhile.
    It would probably be a good idea to actually read the thread before responding.

    ikeo: We use Cisco PIX 515's in front of all of our exchange boxes. We prefer the Cisco PIX's over other hardware based firewalls.

    I support the Human Rights Campaign!
    Moving to the Tampa, Florida area? Check out life in the suburbs in Trinity, Florida.

  6. #6
    What do you guys think of the Juniper Netscreen 5GT these seem like they are comparable to the Cisco PIX 500's...

    When people access Exchange behind the firewalls, do you supply them with VPN client software? and do they have an additional Firewall at the physical location where site to site VPN is enabled? Or do you guys just use SSL to connect in?

    Netchaser: I'd love to icq you but this may prove to be a good discussion about exchange security.

  7. #7
    Join Date
    Feb 2005
    We use netscreen 5's in front of exchange servers. We generally dont use a netscreen at the remote location as mobile users are well, mobile =) SSL in to connect, and on rare occasion we've had to have users VPN in because the ISP at the location they happened to be at were blocking smtp or what have you. I've not used a pix to compare but once set up we've had no problems with the netscreens.

  8. #8
    Join Date
    Aug 2004
    Karachi, Pakistan
    FWIW - we use Netscreen 25/50 (for large accounts) and Netscreen 5s (for smaller accounts) for Front-end Firewalls as well as an IPS and IDS. The IPS/IDS are shared appliances with virtual client settings.

    Clients connect via VPN usually and some just connect straight in - just an ACL/Firewall policy. Some SSL in. Still haven't bagged in a client that uses 2-factor authentication for server log-in.

    "I drink too much. The last time I gave a urine sample it had an olive in it. ".
    Rodney Dangerfield (from "I Get No Respect!").

  9. #9
    Join Date
    Jan 2004
    North Yorkshire, UK
    We've been using Exchange internally for quite a while however the only remote access available is via VPN or OWA. VPN wise we just use the standard Windows IPSEC VPN setup, means no external client software is required.

    Any other way and you are opening up quite a few unwanted ways to access your network.

    We've got a Cisco Pix 515E in the office which is really the border to our LAN, with Kerio Server Firewall on the servers blocking all unwanted traffic from all IP's except our own ranges as a second, software layer of defence.

    Also don't forget your AV with Exchange, Symantec AV Corporate with the Exchange plugin works quite nicely.


  10. #10
    Thanks Dan for the info.

    So it looks like there might be reason to do double firewalls? Hardware at the border and Software at the server level? Is this really necessary or just an added precaution?

    The 515e looks like its has application level security, vpn, firewall... The all in one i'm looking for, but is there a particular reason the 515 is used other than preference? Does it allow support for multiple private networks for colocation purposes?

    AV with Exchange is a no brainer...

    The purpose would probably be to put something like the 515 or ISA 2004 server up at the colo and site to site vpn to a remote office using a netscreen 5GT or is it better to do same brand stuff and if I use the 515 use the 501?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts