×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

MS Proxy and Exchange

MS Proxy and Exchange

MS Proxy and Exchange

(OP)
This is a just a general question. Is anyone aware of any known issues on having MS Proxy 2.0 and Exchange 5.5 on the same machine???

RE: MS Proxy and Exchange

(OP)
Also, what other firewalls are out there that have better security than MS Proxy Server. I am planning to connect a LAN of about 30 nodes to the internet through a router with a internet ip address. I'm debating whether i should connect that router to a NT box w/ 2 NIC's and MS proxy, or to put firewall software on the router and have it hooked directly into the LAN. I haven't picked out a router yet, so any suggestions on that would be helpful! Security is of great importance and several user will want to access the network remotely, most probably through a VPN.

RE: MS Proxy and Exchange

I can tell you this much. If you plan on using pptp, don't even think about using proxy server. You can not be authenticated with pptp through a proxy. There is supposedly a work around by using RRAS, but so far my efforts to make it work have failed, and there just isn't any good information available except a couple KB articles by Microsoft saying it should work! I'd definately go with some other firewall solution.

RE: MS Proxy and Exchange

yeah if you are concerned with security put your proxy on another computer and add an add-on firewall to sure-up the NT proxy like the Gauntlet firewall (network accociates). better safe than sorry.

RE: MS Proxy and Exchange

Proxy means doing for someone else. i.e. you use it for multiple people going out through it (router).

Proxy does not mean firewall. MS Proxy definitely does not mean secure firewall.

Checkout Checkpoint Firewall. Cisco IOS and Gauntlet as Blakester noted.

If you wish to allow incoming access other than an SMTP mail feed then use something professional and have it professionally installed. One big bill is better than one insecure network.

We had someone recommend proxy as a firewall. It was hacked within hours of going up. Then he plugged the internet connection straight into our fibre switch - no firewall or proxy server at all. My how we laughed...

RE: MS Proxy and Exchange

I have Proxy, Exchange, IIS and VPN access all on the same server with no problems.

RE: MS Proxy and Exchange

(OP)
Tool,

Are you using PPTP? I am a little worried about the security of data being passed through the VPN. How good is the Microsoft Authentication and Encryption, and overall security from the outside world.

RE: MS Proxy and Exchange

I guess it all depends on how secure your data needs to be. I think that the built in VPN (PPTP) service is secure with NT. Windows 2000 is coming out with an even more secure PPTP protocol. Microsoft is using industry standard PPTP. There are several things to consider when creating a secure site, NT is complex and has many loopholes. In addition to PPTP Microsoft developed a product called RRAS which when used with PPTP can further secure your network connection. I suggest reading further into the PPTP protocol, you can find more info on Microsoft's website with their online Technet CD. Make sure you have strong authentication on both the client and server side. I use it without a hitch so far =-)

Tool

RE: MS Proxy and Exchange

First and foremost I would not recommend having anything other than Proxy Server on the machine that is directly connected to the internet. If you do and that machine gets compromised, everything is compromised. Proxy Server can act as a gateway to Exchange with Exchange being on an internal, private subnet (ie Proxy listens on port 25 and routes anything from there to the Exchange server inside the firewall).

Now secondly, I definately would not count on Proxy Server if you are as concerned with security as it sounds. Zelandakh recommended Checkpoint's Firewall-1 -- yes it is expensive, but it is worth the money. Nothing is completely bulletproof, but we have it and have very few problems with it. Even if you ask Microsoft, if you talk to the right people that is, Proxy is meant as just that, a PRoxy to allow people to get out to the internet - its not a high level firewall. Firewall-1 comes with a VPN client also.

Microsoft really isn't in the business of protecting your network, their products are designed to allow easier access to the internet -- look at Windows 2000, the install is so dumbed down anyone with half a brain can install it...

I would definately recommend a third party firewall. I would not use Proxy Server as a firewall. Either Firewall-1 (which is installed on an NT machine, or a deticated router/firewall combination (either Cisco or Ascend - both have good firewalls). Also, I would not put Proxy and Exchange on the same machine - if you still want to use proxy, it can listen and forward all SMTP requests to the Exchange server which can be inside your DMZ - another level of protection.

Hope this helps a little,
Paul

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login


Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close