OWA, ISA and ASA

[Latta]

I am looking to put in my first Exchange system and I am a little confused on what I need to do for security on the OWA. I am use to 2003 where you had the FE and BE servers, but now with 2007 you can use just one server (it is a small environment, about 60 users). Currently I have a ASA 5510 for my firewall. Do I need to add ISA for better security, or can I do everything that I need to do for OWA through the ASA? That is my biggest question right now as I prepare my budget. I need to know if I should include in there an ISA server or if I could just use my existing firewall for everything.

 

[Davetoo]

I used my existing Watchguard. I stay away from ISA servers completely.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

There are no more PDC's! There are DC's with FSMO roles!

 

[58sniper]

In 2003 and 2007, single servers are a basic feature. Nothing has changed in that aspect. A FE/BE setup isn't required to do OWA to the Internet.

As with 2003, in 2007, using a reverse proxy like ISA is a good idea. In a perfect world, you'd use an ISA server in the perimeter network to shield OWA (and any other web apps you use, such as SharePoint), and an Edge Transport server in the perimeter to shield SMTP. That way, no Internet originating traffic is going directly to internal domain joined servers.

The ASA5510 works great for setting up a perimeter network for your ISA and/or ET

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.

http://www.ucblogs.net/blogs/exchange/