
Configure a Microsoft Exchange Server 2003 as a Front-End Server
What an organization wants is secure access from the outside, and that is what a DMZ is for. Logically we are not going to put an Exchange server holding mailboxes in the DMZ, since LAN users have no need to reach the DMZ. Instead, one or more servers that act as a Front-End are placed in the DMZ: they run Exchange, but only for external connections, so that only SMTP and HTTP/HTTPS traffic enters and users on the Internet can read their mail through OWA. In this step we create a Front-End server and see how it is configured. It is assumed that the LAN already has one or more servers holding the MS Exchange mailboxes, accessed from the LAN with MS Outlook-type mail clients.
This would be the ideal layout of a DMZ with Exchange: one server in the DMZ that is reachable only from the outside and is used only to read mail via OWA (over HTTPS), with SMTP relayed from the DMZ into the LAN. The mailbox store server would be on the LAN together with all the clients.
To turn a server into the Front-End, open the "Exchange System Manager" console, right-click the server that is going to be the Front-End and choose "Properties".
On the "General" tab simply check "This is a front-end server" and click OK.
The server must be restarted for the change to take effect, or, logically, the relevant Exchange and IIS services restarted by hand.
As an additional step, it would be worthwhile to cluster both roles, the Front-End and the Back-End, and to secure OWA traffic with HTTPS.
Create a back-end server cluster – HERE
Create a Front End Server Cluster – HERE
Securing OWA over HTTPS – HERE
We should remember the ports that must be kept open between the DMZ and the LAN (everything else should stay closed):
80 TCP or 443 TCP – HTTP or HTTPS. Note that the Front-End to Back-End OWA leg in Exchange 2003 runs over plain HTTP on port 80 (SSL is not supported between the two roles); HTTPS protects the client-facing side, and IPsec can be used on this internal leg if it must be encrypted.
25 TCP – SMTP
691 TCP – Link State Algorithm routing (Exchange routing engine)
389 TCP + 389 UDP – LDAP to Active Directory
3268 TCP – Global Catalog to Active Directory
88 TCP + 88 UDP – Kerberos authentication
53 TCP + 53 UDP – DNS name resolution
143 TCP – Optional: IMAP4
110 TCP – Optional: POP3
993 TCP – Optional: IMAP4 over SSL
995 TCP – Optional: POP3 over SSL
And between the Internet and the DMZ (nothing else; in particular the Active Directory ports above, 389, 3268 and 88, must never be reachable from outside):
80 TCP or 443 TCP – HTTP or HTTPS (only 443 if OWA is published over HTTPS, as recommended)
25 TCP – SMTP
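Both firewall boundaries above can be checked from the outside in. The script below is an added example, not part of the original article: run from the Front-End it confirms that the ports it needs towards the LAN answer, and run from an Internet host it probes the Front-End's public address on every LAN-side port and flags anything that answers but is not on the Internet allow list. The host names are placeholders to be passed on the command line, only TCP is probed (the UDP entries for LDAP, Kerberos and DNS are reported as "not probed"), and it assumes OWA is published only over HTTPS (443), as the article recommends. The `probe` parameter exists so the logic can be exercised with a fake prober.

```python
"""Firewall audit for the Exchange 2003 Front-End/Back-End layout.

Added example (not from the original article).  Assumptions: hosts are
placeholders given on the command line; only TCP is probed; the Internet
side is expected to allow just 443 (OWA over HTTPS) and 25 (SMTP).
"""
import socket
import sys

# Port table from the article: (port, protocol, purpose)
DMZ_TO_LAN = [
    (80, "tcp", "HTTP, Front-End to Back-End OWA leg"),
    (25, "tcp", "SMTP"),
    (691, "tcp", "Link State Algorithm routing"),
    (389, "tcp", "LDAP to Active Directory"),
    (389, "udp", "LDAP to Active Directory"),
    (3268, "tcp", "Global Catalog"),
    (88, "tcp", "Kerberos"),
    (88, "udp", "Kerberos"),
    (53, "tcp", "DNS"),
    (53, "udp", "DNS"),
]
OPTIONAL_DMZ_TO_LAN = [
    (143, "tcp", "IMAP4"),
    (110, "tcp", "POP3"),
    (993, "tcp", "IMAP4 over SSL"),
    (995, "tcp", "POP3 over SSL"),
]
# Assumption: OWA is published over HTTPS only, so 80 is not allowed here.
INTERNET_ALLOWED = {443, 25}


def tcp_open(host, port, timeout=2.0):
    """True if a TCP connect to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unresolvable
        return False


def audit_required(host, rules, probe=tcp_open):
    """Check the ports the Front-End needs towards `host` (the LAN side).

    Returns [(port, proto, status)] with status "open", "CLOSED" or
    "not probed" (UDP cannot be verified with a plain connect)."""
    results = []
    for port, proto, _purpose in rules:
        if proto != "tcp":
            results.append((port, proto, "not probed"))
        else:
            results.append((port, proto, "open" if probe(host, port) else "CLOSED"))
    return results


def audit_exposure(host, allowed, candidates, probe=tcp_open):
    """Probe `host` (the Front-End's public address) on each TCP port in
    `candidates` and return, sorted, those that answer but are not in
    `allowed`.  Anything returned is a hole the DMZ firewall must not have."""
    return [p for p in sorted(set(candidates)) if p not in allowed and probe(host, p)]


def lan_side_ports():
    """Every TCP port the LAN leg may use; none of them belongs on the Internet side."""
    return [p for p, proto, _ in DMZ_TO_LAN + OPTIONAL_DMZ_TO_LAN if proto == "tcp"]


def main(argv):
    if len(argv) != 3:
        print("usage: audit.py <back-end-or-dc host> <front-end public host>")
        return 2
    lan_host, public_host = argv[1], argv[2]
    for port, proto, status in audit_required(lan_host, DMZ_TO_LAN):
        print(f"DMZ->LAN {port}/{proto}: {status}")
    exposed = audit_exposure(public_host, INTERNET_ALLOWED, lan_side_ports() + [80])
    for port in exposed:
        print(f"EXPOSED to the Internet: {port}/tcp on {public_host}")
    return 1 if exposed else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it twice: once from the Front-End against a Back-End or domain controller name, and once from a host on the Internet against the Front-End's public address. A non-zero exit means a LAN-only port answers from outside.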