Question : Fortigate as a mail relay/reverse proxy/ISA?
Hi everyone,
I've been using Fortigates for quite a few years. Same goes for mail relays (2003 Servers using IIS relay, Argosoft mail servers, even XP Pro based machines with IIS, Aladdin's eSafe versions), reverse proxies (for OWA, don't know how to set those Linux servers up), with Exchange and Checkpoints' Sboxes.
I have a client who wants a new Exchange with OWA capabilities. Now, I immediately thought of the standard configuration (Sbox -> mail relay (DMZ)/reverse proxy -> Exchange). But then it hit me, why not try and use Fortigate as a type of "mail relay"? Is it even necessary to think of a mail relay in case you have a Fortigate? It has content filtering capabilities, SPAM, AV engine, and even authentication... why not use it instead?
The only problem I can think of, and that's why you need ISA - Can Fortigate implement its protection profiles and use content filtering on the HTTPS/SSL 'tunnels'? Would it be able to "see" inside like ISA?
Cheers!
So that's basically my question - Has anyone ever tried this before?
Answer : Fortigate as a mail relay/reverse proxy/ISA?
Absolutely - but that is not the same as 'see' inside. ISA has two modes of operation and this is one of its strengths. ISA supports the traditional tunneling whereby ISA is just the conduit and traffic passes through. Its bridging capability is the 'break and remake' part and not many do that at all, let alone well - ISA is exceptional in this area. Note it is only for inbound traffic though, i.e. where the traffic has been initiated from the Internet to a published service; it does not work for basic, NATed, outbound SSL connections.