05-15-2012 02:39 PM
They are treated like any other HTTPS service; the SRX does not have any specific application-level features other than some optional IDP signatures related to them.
05-16-2012 10:18 AM
You really need to clarify what you are talking about...
Are you talking about RPC over HTTP/HTTPS? If so, the firewall does not see the RPC because it is encapsulated in HTTPS.
Are you talking about an OWA/CAS server in a DMZ talking RPC to the backend? This is not a Microsoft-supported config and HIGHLY not recommended: http://blogs.technet.com/b/exchange/archive/2009/10/21/3408587.aspx
05-16-2012 11:37 AM
I want to place a single Exchange 2007 server in a DMZ after an SRX220/240 with working ActiveSync and Outlook Anywhere. Maybe later I'll need to set up a distributed Exchange system with 2-3 servers which will be placed in different sites.
But yes, I understand that RPC is encapsulated in HTTPS. I have in front of my eyes a system with an ISA server and think the same way as it works ).
05-16-2012 12:03 PM
ISA is a special case for MANY Microsoft deployments since it is explicitly designed and aware of some Microsoft products. Mind you, the troubleshooting docs all end with "Reboot".
I have never put the OWA/CAS in a DMZ; Microsoft repeatedly suggests that ALL Exchange roles be within the same zone to allow ease of communication... there is an RPC "ALG" service on the SRX but I can't comment on your particular design if they work well..
Forwarding the HTTP traffic is straightforward, as well as applying the IDP (if you purchased the option) to the rules.
Inter-Exchange communication is a mess since the CAS is going to need AD access, access to the backend servers, and unless you also have a separate internal OWA/CAS your client systems will also need to talk to it.