OWA Configuration 1

Status
Not open for further replies.

xyz98

MIS
Jun 20, 2001
14
US
I have to set up OWA on Exchange 2000 running on a cluster server behind a PIX 515 firewall. I have tried to find information on doing this, but with no luck. OWA works behind the firewall, but I can't access it from outside. Port 80 is opened on the firewall, but I don't know what other ports need to be opened, and what security problems I may encounter.
Any information that can be provided will be greatly appreciated.
 
Security is not an issue if it is done correctly.

Port 80 needs to be opened on the Pix but you'll need to tell it what to do. So you'll need a static (inside, outside) <public IP> <private IP> netmask 255.255.255.255 0 0 to tell the Pix where to route the traffic. You'll also need to specify a conduit permit tcp host <public IP> eq
You may want to change the 0 0 to 500 200 to cut down on embryonic connections to minimise hacking possibilities.
 
HI.

Allowing OWA to your corporate servers isn't very secure, since you are relying on IIS.
You should not use OWA unless you must.
You should limit and/or hide this service, or disable it.
Here are some ways:
1) Use VPN (PPTP or better IPSec) for remote clients.
Do not allow full access to VPN users (do NOT use sysopt connection permit-ipsec on the PIX) but instead limit VPN users only to specific servers and ports, like OWA.
2) If not using VPN, it is recommended to change the default port 80 to a different port.
This change must be done on both IIS server and in PIX configuration.
This is quite good against IIS attacks like Code Red, but it is not good against malicious attackers that scan your specific servers.
3) In any case, you must apply all IIS related patches on all servers running IIS, and disable IIS on critical servers that do not need it.

About your problem, I also think that a STATIC command is missing in your PIX configuration.
Provide more details to get better answers.

Bye
Yizhar Hurwitz
 
Q301625 covers most of the issues with IIS. Use Basic Auth and SSL and you're fine. Except then you can't expand public folders in ESM, but that's a separate thread or will be soon.
Dan
Microsoft Exchange Support @ Microsoft
 