Hello,
I am currently planning to deploy an Exchange 2013 structure. So far I got this scheme:
The three servers are in a private network. The CAS server has a second network interface for the public IP address. The firewall routes all traffic accordingly. (One thing I want to avoid is NAT because as I see it, that is a relict of bad old times
where public IP addresses were scarce. Routing is the way to go, if you ask me.)
And that is it. The firewall would permit traffic on port 25 for SMTP connections, and on port 443 for Outlook Anywhere. Windows firewalls are active with default rules.
Now my colleagues and superiors believe this is not secure: If someone gained access to the CAS server, he would have access to the whole system. That’s bad.
How can I even improve security? This is the best I can think of.
Thanks in advance!