Exchange 2007/2010: Don't put CAS in Perimeter network

When you start planning to deploy an Exchange Server 2007 or Exchange Server 2010 Client Access Server (CAS) in a perimeter network ("DMZ" - Demilitarized Zone), you quickly notice that there is no documentation on how to do it. You will probably find TechNet documentation explaining that this is explicitly not supported. Microsoft doesn't test or support any topology that puts a firewall between a CAS and a Mailbox (MBX) server. The only Exchange 2007/2010 role that is supported for deployment in a perimeter network, with a firewall separating it from the other Exchange servers it talks to, is the Edge role. This is true for Exchange servers talking to one another within and between AD sites.

“A Perimeter network is a network zone many companies deploy between the Internet and their intranet as defense-in-depth.”

Full Article: Exchange blog