Feb 10 2023 06:34 AM
Hi,
We have exchange server 2016 installed and updated CU22, all services working fine but our security team has been performed an external scan and they were able to find that our internal IPs of the exchange server are visible. How do we hide them from the external? is there any solution? Appreciate your support.
Thank you.
Feb 11 2023 01:29 PM
Feb 12 2023 05:42 PM - last edited on Feb 13 2023 11:25 AM by Eric Starker
Feb 12 2023 05:42 PM - last edited on Feb 13 2023 11:25 AM by Eric Starker
To hide the internal IP address of your Exchange Server 2016 from external scans, you can implement a reverse proxy using a web application firewall (WAF) or a load balancer. The reverse proxy acts as an intermediary between the internal Exchange server and the external clients, masking the internal IP address and providing an extra layer of security.
Here are the steps to implement a reverse proxy using a WAF or a load balancer:
Configure the WAF or load balancer: Configure the WAF or load balancer to listen on a public IP address for incoming traffic and forward it to the internal IP address of your Exchange Server.
Update DNS records: Update the DNS records to point to the public IP address of the WAF or load balancer instead of the internal IP address of the Exchange Server.
Update Exchange settings: Update the Exchange settings to use the public IP address of the WAF or load balancer as the external URL for the Exchange services such as Autodiscover, Outlook Web Access, and Exchange ActiveSync.
Test the configuration: Test the configuration by accessing the Exchange services from an external network to ensure that the internal IP address of the Exchange Server is not visible.
By using a reverse proxy, you can hide the internal IP address of your Exchange Server from external scans and provide an extra layer of security for your Exchange environment. It's important to regularly monitor and update your reverse proxy configuration to ensure that it remains secure and effective.
(external link removed by moderator)