Multiple port forwards?

Solved
ScottPR
Here to help

Our current config is, we have an on-prem website living in the IIS of the on-prem MS Exchange server. No problem for the firewall, just forward all the ports to the Exchange server's IP. But, we're moving to Exchange 2016, so we need the namespace for Outlook Anywhere.

 

So, what I want to do is, split off the Exchange server from the web site, and put them on separate boxes. The question is, can I set up host headers or something similar in the inbound rules of our Meraki firewall? So that traffic to www.domain.com goes to 192.168.0.10, meanwhile mail.domain.com goes to 192.168.0.20.

 

Or should I just break down and get an external web site for public consumption?

1 Accepted Solution
KevinH
Here to help

I think you might be looking for a reverse proxy.

This is a good video: https://www.youtube.com/watch?v=2fL8Otb9mTE

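The reverse-proxy approach suggested above, as an added example that is not part of the original thread: an nginx configuration that picks the backend from the TLS SNI name on port 443 without terminating TLS. It assumes a separate nginx host built with the stream module, to which the firewall forwards TCP 80 and 443; the hostnames and IPs are the ones from the question.

```nginx
# Added example (assumed setup): the firewall forwards TCP 80/443 to this
# nginx host. SMTP (port 25) stays a plain port forward to Exchange.
events {}

stream {
    # Choose the backend from the SNI name in the TLS ClientHello.
    # TLS is passed through untouched, so each server keeps its own
    # certificate and Exchange authentication runs end to end.
    map $ssl_preread_server_name $backend {
        www.domain.com   192.168.0.10:443;   # web server
        mail.domain.com  192.168.0.20:443;   # Exchange
        # No default entry: any other name maps to an empty value,
        # nginx has no backend to connect to, and the connection is closed.
    }

    server {
        listen 443;
        ssl_preread on;             # read the ClientHello, do not decrypt
        proxy_pass $backend;
        proxy_connect_timeout 5s;
    }
}

http {
    # Plain HTTP has no SNI, so match on the Host header instead.
    server {
        listen 80 default_server;
        return 444;                 # unknown Host header: close without reply
    }

    server {
        listen 80;
        server_name www.domain.com mail.domain.com;
        return 301 https://$host$request_uri;   # send known names to HTTPS
    }
}
```

Any further public hostname is added as one more line in the `map` block and in `server_name`.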

4 Replies
jdsilva
Kind of a big deal

Hey @ScottPR ,

 

For web stuff going to www you would forward ports 80 and 443. For mail you would forward port 25 (for SMTP, which is the most likely port). You don't need to do any header based forwarding for this.

KevinH
Here to help

If you don't want to invest much, you could also split it up by port numbers.

 

For example:

 

www.domain.com goes to the web server (port 80).

mail.domain.com:8080 (for example) goes to Exchange.

 

Forward by port number. You'll have to tell your users to append the :8080 when entering the URL.

You'll have to configure Exchange's webmail to accept port 8080.

 

This is a workaround, but it won't cost you anything.

PhilipDAth
Kind of a big deal

You could make this much simpler by hosting the web site externally such as in Amazon AWS or Azure.  It's quite cheap.  Also if the web site gets compromised at least they are not on the inside of your network.

 

Low cost, low complexity and good security - a winning trifecta.
