[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Why put OWA on a DMZ
That's easy.... because if you have a server sitting in it's own private DMZ leg you have control over traffic in ALL directions. Should the server be compromised in any way, the firewall is still blocking the type of access it has to your lan. If you placed it on your lan it would have direct access to everything on your network. I don't open holes, I define rules for traffic in both directions. Perhaps I am paranoid, but isn't that our job? ----- Original Message ----- From: "Lawson, Shawn M." <[email protected]> To: "Checkpoint Dist List (E-mail)" <[email protected]> Sent: Thursday, January 18, 2001 12:12 PM Subject: [FW1] Why put OWA on a DMZ > > I see discussion of people putting an OWA server on a DMZ then poking holes > in the FW to allow access to the exchange server. Why not just nat the > address of the OWA server and leave it on the internal LAN? Use SSL and > allow only 443 through the firewall to the OWA server. Microsoft White > Paper hints that this is a much cleaner solution then putting the OWA on a > DMZ. What security reasons are there for the OWA on a DMZ? Seems like it > takes more management and configuration to get the OWA on the DMZ to work > and you have to open more ports on the FW and it really doesn't provide > anymore security. > > > Shawn Lawson > > > ================================================================================ > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================================================ > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|