
Installing an Exchange 2010 Edge Transport server in the DMZ
If we already have a Microsoft Exchange Server organization deployed on our network and want to harden it, we can deploy an Exchange server in the DMZ (perimeter network) so that the Exchange servers on the LAN are never exposed directly to the internet. Microsoft provides a role called Edge Transport that lets us filter spam, run antivirus and create transport rules on that perimeter server.
To prepare our Edge server, we first install the prerequisites described at http://www.bujarra.com/?p=3698. Once they are installed, bear in mind that this machine sits in the DMZ and will not be a member of any domain! We do, however, have to set its DNS suffix to the name of our domain: in the computer's properties, where the computer would be renamed, click “More…” and fill in “Primary DNS suffix of this computer”. Accept and restart the computer.
Once it has restarted, we launch the Microsoft Exchange Server 2010 setup wizard and, under “Installation Type”, choose the custom installation so that we can select only the “Edge Transport Role” component. Select the path where it will be installed and click “Next”.
We decline to join the experience improvement program…
…the readiness checks run…
If all the requirements are met, we can install it by clicking “Install”,
…
and after a few minutes our Edge server is installed. Click “Finish”; we can uncheck “Finalize this installation using the Exchange Management Console”.
What we have to do now is generate an XML subscription file on the Edge server using the “Exchange Management Shell”. With it, EdgeSync replication makes this server manageable from inside the organization. For this to work we will obviously need the required ports open in both directions, as well as correct name resolution in both directions.
Run `New-EdgeSubscription -FileName FILE` (where FILE is the path of the XML file to create) and copy the resulting file to the Exchange Server 2010 inside the organization so that it can be imported there later.
If we open the “Exchange Management Console” on the Edge Transport server, we find the Toolbox, which is very useful for detecting problems or analysing whatever interests us. All the configuration that this server needs, however, is not done from this console but from the organization's server(s) inside the LAN.
Some troubleshooting tests can also be run externally at http://testexchangeconnectivity.com.
Next, we move to a LAN server to subscribe the Edge server to our Exchange Server 2010 organization. We open the “Exchange Management Console”, go to “Organization Configuration” > “Hub Transport” > “Edge Subscriptions” tab and right-click “New Edge Subscription…”.
We browse and select the Active Directory site to which we will subscribe our DMZ server, and in the subscription file field we choose the file generated earlier. Click “New” to create it.
Done; click “Finish”.
From here on, all the necessary configuration can be done from the LAN side. We will need to create a Send Connector and a Receive Connector, specify the accepted domains and set up the anti-spam configuration we want, which is very simple to configure.
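The same subscription and follow-up configuration, carried out from the Exchange Management Shell instead of the console, as an added example (not bujarra.com's own script). The file path, Active Directory site name and domain name are assumptions to be replaced with your own values.

```powershell
# --- 1. On the Edge Transport server in the DMZ (Exchange Management Shell) ---
# Export the Edge Subscription file. It must be imported on the LAN side within
# 24 hours, otherwise it has to be regenerated. Path is an assumption.
New-EdgeSubscription -FileName "C:\EdgeSubscription.xml"

# --- 2. On a Hub Transport server inside the LAN, after copying the XML across ---
$SubscriptionFile = "C:\EdgeSubscription.xml"           # assumption: where you copied the file
$AdSite           = "Default-First-Site-Name"          # assumption: the AD site chosen in the wizard

# Import the file as raw bytes; this is the same operation the "New Edge Subscription..." wizard performs.
$FileData = [byte[]]$(Get-Content -Path $SubscriptionFile -Encoding Byte -ReadCount 0)
New-EdgeSubscription -FileData $FileData -Site $AdSite `
    -CreateInternetSendConnector $true `
    -CreateInboundSendConnector $true

# Accepted domains are defined on the LAN side and replicated to the Edge by EdgeSync.
New-AcceptedDomain -Name "Example Corp" -DomainName "example.com" -DomainType Authoritative   # assumption

# Force a synchronization and check that the Edge can be reached. EdgeSync runs over
# secure LDAP TCP/50636 from the Hub Transport servers to the Edge; SMTP TCP/25 must be
# allowed in both directions for mail flow. A failed ConnectionResult here usually
# means the firewall rule or the DNS suffix / name resolution is wrong.
Start-EdgeSynchronization
Test-EdgeSynchronization | Format-List Name, SyncStatus, ConnectionResult, LastSynchronizedUtc

# Confirm the connectors the subscription created.
Get-SendConnector    | Format-Table Name, AddressSpaces, SourceTransportServers -AutoSize
Get-ReceiveConnector | Format-Table Name, Bindings, RemoteIPRanges -AutoSize

# --- 3. Back on the Edge server: anti-spam agent settings are stored on the Edge itself ---
# Reject clearly scored spam, delete the worst of it, and drop mail for recipients that
# do not exist (recipient validation relies on the recipient data EdgeSync replicated).
Set-ContentFilterConfig -SCLRejectEnabled $true -SCLRejectThreshold 7 `
                        -SCLDeleteEnabled $true -SCLDeleteThreshold 9
Set-RecipientFilterConfig -RecipientValidationEnabled $true
Set-SenderIdConfig -SpoofedDomainAction Reject
```

Run `Test-EdgeSynchronization` again after any firewall or DNS change; it is the quickest way to tell whether the replication channel from the LAN to the DMZ is healthy.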