Let’s start this post about Exchange with a common question: Now that Microsoft has stopped selling TMG, should I rip it out and find something else to publish Exchange with? I have occasionall...
Updated Jul 01, 2019
Version 2.0
Blog Post
Thanks for the ongoing feedback, some responses to the questions raised;
@Geo - Arr!
@ Jeff - some years ago as it happens. Way before Sept 2012. But then, I'm not one of those people who believe that our customers should do what we do, necessarily. Too many times I get on calls with customers who want to know what we do, so they can just copy it. I ask them what their requirements and skills are, and then tell them what ours are. And they aren't the same. So why would you just copy what we do? Makes no sense.
@ vkaydanov - the problem I have with any device or code that promises to tell you what makes 'good' Exchange traffic and 'bad' Exchange traffic, is they can only see so far into the packets, and we encrypt everything (unless you turn that off, which we don't suggest you do). So they become something of man-in-the-middle attack, put in place by security. And if they log that traffic, they are possibly capturing credentials too... so where does the line stop? Then, any time we change things, they break, as frankly there is no way for those devices to know what really constitutes good from bad, as we reserve the right to change it as we need to. We made our application understand what is good from bad traffic. It knows how to deal with invalid requests way better than anything you could put in front of it.
@ Shawn - ARR - for those that require an endpoint in their old-skool DMZ. To reverse proxy, nothing more. If you only need that, that's all you need. If you need pre-auth, sorry, if the security people require pre-auth, you need something else.
Thanks for all the other comments.