Hosting Exchange, firewall help please?!

Hi guys,

We have just moved into a serviced office, and will be moving our Exchange 2003 server into there soon. The office have provided us with a static IP, and so I guess we need to set up a firewall to map that IP to the internal address, forward the relevant ports etc?

Can anyone offer me a quick lowdown on this process, what hardware etc would be required? It's very low use, only 5 mailboxes :)

Thanks guys,

Mal
 
If it's a serviced office, does it not have any sort of firewall already in place?

If yes, it's just a case of forwarding the ports on that to the static IP of your Exchange server.
 
Additionally, if there isn't already a firewall, there'll be nothing to forward ports through.

If you've only got one public IP for the whole office, you're going to want to perform NAT at some point. Appropriate hardware will depend on how the connection's handed over to you and how much you want to spend.
 
If they have provided you with a public address, one would assume that they already have a router and/or firewall in place to terminate the connection. As such, you'll need to configure your server with an internal private address; your internal network within the managed offices will most likely be given to you also.

Then simply ask the managed provider to forward port 25 from your public IP to your internal private address.
 
You may also want to forward port 443 for SSL HTTP and enable OWA (Outlook Web Access) from Exchange server to allow employees to get mail remotely.

You said you only have 5 mailboxes. If you are using the Exchange POP3 connector to retrieve these, you don't need to open port 25. You only need to forward port 25 if you are receiving incoming mail to the domain via SMTP.
 
Hi guys,

We're using OWA, RPC over HTTP, IMAP, SMTP and POP.

As we will soon be adding extra services and servers for FTP, web, SharePoint etc, we wanted to put in our own firewall. They will then patch us direct into the WAN.

Any recommendations on hardware would be appreciated :)

Mal
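
As an added illustration (not part of any post in this thread), here is a small audit that compares a list of port forwards with the services named above and flags anything beyond them. The rule format, internal addresses and sample rules are constructed; the IMAP and POP port numbers are the standard well-known assignments, since the posts themselves only name ports 25 and 443.

```python
import ipaddress

# Well-known TCP ports for the services named in the thread (25 and 443 are
# from the posts; the IMAP/POP numbers are the standard assignments).
SERVICE_PORTS = {
    "smtp": {25}, "owa": {443}, "rpc-over-http": {443},
    "imap": {143, 993}, "pop": {110, 995},
}
CLEARTEXT = {110, 143}  # POP3/IMAP listeners without implicit TLS

# Constructed sample: "public_port -> internal_ip:port", '#' starts a comment.
SAMPLE = """
25   -> 192.168.1.10:25     # SMTP to the Exchange server
443  -> 192.168.1.10:443    # OWA and RPC over HTTP
143  -> 192.168.1.10:143
8080 -> 192.168.1.10:8080   # left over from testing
110  -> 192.168.1.20:110
"""

def parse_forwards(text):
    """Return (public_port, internal_ip, internal_port) for each rule line."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        pub, dest = (part.strip() for part in line.split("->"))
        host, port = dest.rsplit(":", 1)
        rules.append((int(pub), ipaddress.ip_address(host), int(port)))
    return rules

def audit(rules, services, mail_server):
    """Flag forwards that expose more than the listed services require."""
    allowed = set().union(*(SERVICE_PORTS[s] for s in services))
    server = ipaddress.ip_address(mail_server)
    findings = []
    for pub, host, _port in rules:
        if pub not in allowed:
            findings.append((pub, "not needed by any listed service"))
            continue
        if host != server:
            findings.append((pub, "forwards to a host other than the mail server"))
        if not host.is_private:
            findings.append((pub, "destination is not a private address"))
        if pub in CLEARTEXT:
            findings.append((pub, "cleartext mail protocol exposed to the internet"))
    return findings

if __name__ == "__main__":
    wanted = ["smtp", "owa", "rpc-over-http", "imap", "pop"]
    for port, reason in audit(parse_forwards(SAMPLE), wanted, "192.168.1.10"):
        print(f"port {port}: {reason}")
```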
 
Or something like a SonicWall TZ180 10 user (which takes an activation key to upgrade to 25 users if you expand).
 
Or a WatchGuard Firebox Edge

X55E or X10E are also excellent firewalls, a tad expensive but for a good reason :cool:

If you're prepared to purchase one second hand, PM me; I can supply contacts.
 
How difficult are the SonicWall range of firewalls to configure? Are they web based or code based like the Cisco PIX range?
 
Web based - choice of SonicOS Standard or Enhanced.

StandardOS is, erm, standard on the TZ180. There are wizards to help you do stuff like port forwarding, or once you understand it, which shouldn't take long, a port forward can be done in sub 1 minute. There's an initial config wizard as well, so getting it up and running is a 2 minute job (assuming you have your WAN/LAN IP details to hand).
 
I've got a TZ150 Wireless at home. The TZ170 is still a good box - the TZ180 just added a bit more CPU horsepower for the UTM options.

For ADSL, you could use a router for the WAN side. We use Speedtouch 546s set up in no-NAT mode, 1 public IP for the 546 and the other for the WAN port of the Sonic.

Alternatively, get a Draytek Vigor 100 which is zero config. You set up the WAN port of the SonicWall for PPPoE and put your ADSL username/password into the Sonic.
 