Understanding External Access to Exchange 2010

Applies to: Exchange Server 2010

This topic describes how to configure firewalls for use with a Microsoft Exchange Server 2010 Client Access server. You can use software and hardware solutions as a firewall to help secure your messaging environment. We recommend that you use an advanced firewall server such as Microsoft Internet Acceleration and Security (ISA) Server 2006 with Exchange 2010 because these two products are designed to work together to help secure and enhance the client access experience.

ISA Server 2006 and Exchange 2010

ISA Server 2006 and Exchange 2010 coexist and provide an increased level of security for your messaging environment. When you use the New Exchange Publishing Rule Wizard to configure your ISA Server computer to allow client access, you automatically configure ISA Server settings that are required for the features in both Exchange 2010 and ISA Server 2006 to work correctly.

Earlier Versions of ISA Server and Exchange 2010

When you deploy Exchange 2010, we recommend that you upgrade any earlier versions of ISA Server that you're using. Deploying Exchange 2010 in an environment that was configured to use an earlier version of ISA Server, such as ISA Server 2004, requires changes to any ISA Server rules you configured for client access.

When you configure ISA Server 2004 or ISA Server 2000, you'll have to create new server or Web publishing rules for the Client Access servers you want your users to access. The following table describes the virtual directories to use as paths for the Web and server publishing rules you must create for client access to Exchange when you use an earlier version of ISA Server than ISA Server 2006. Make sure that you use only the paths for the client applications you plan to use. For example, if you don't plan to use Microsoft Exchange ActiveSync, you don't have to publish the Microsoft-Server-ActiveSync virtual directory.

Exchange 2010 virtual directories used as paths in ISA Server publishing rules