Ask the Expert

Whether to put Exchange server in DMZ or internal network

We use an SMTP relay that sits in front of our Exchange 5.5 server. This product does some filtering, blocking and archiving for regulatory compliance. Right now it is inside the firewall, but we recongnize the need to put this machine in a DMZ area.

The internal debate is whether or not the Exchange server itself should go in the DMZ or stay in the internal network. One side says put Exchange (5.5, but moving to 2K) in the DMZ to eliminate traffic from the outside to the inside. The other side of the debate feels that puts sensitive information closer to the edge of the network and that the data is safer on the inside.

Can you offer any suggestions to help us break the deadlock?

    Requires Free Membership to View

Deadlock broken: Put the relay in the DMZ and leave the Exchange server in protected space.

For more information on this topic, visit these other resources:
Best Web Links: Infrastructure and network security
Ask the Expert: Guidelines for designing a DMZ with defined levels of access
Ask the Expert: Placement of security solutions on a network

This was first published in January 2003

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: