@ Anthonynz - I wrote that paper you linked to three years ago. Three years. At the time I firmly believed it was the right thing to do (though I do remember a discussion with a senior person in the Exchange team at the time who was telling me I was wasting my time, even then). I have changed my perspective. I am not saying there is no need for any kind of firewall/protection; I am saying it is a choice.
@ Lync - Lync states, in the post you linked to, "Lync Server uses two websites to service its web requests, one for the internal network and one for the external network. The external website listens on port 4443, instead of on the standard port 443, thus requiring a reverse proxy to translate between the two". Nowhere do they say pre-auth is required. They need a reverse proxy for translation.
@ Milan - just like the car analogy - just because we don't sell it any more, doesn't mean you can't use it any more. If you built up around it, keep using it, it has support.
@ Marco - You are right, it is Exchange in a post TMG world. Good point. I'll also say, the whole IPv6 idea, brilliant. In fact, this whole concept was something Steve Riley used to talk about. IPv6 and IPsec and throw away the firewall altogether.
http://www.bing.com/search?q=steve+riley+death+dmz&qs=n&form=QBRE&pq=steve+riley+death+dmz&sc=0-18&sp=-1&sk=
Plenty of good links there.