Applies to: Exchange Server 2007 SP3, Exchange Server
2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2007-04-06
This topic provides an overview of how to configure Microsoft Internet Security and Acceleration (ISA) Server 2006 on a computer that is running Microsoft Exchange Server 2007 that has the Client Access server role installed. To help secure your Exchange 2007 deployment, you can use software and hardware firewall solutions. We recommend that you use an advanced firewall server such as ISA Server 2006 with Exchange 2007 because these two products were designed to work together to help secure and enhance the client access experience.
ISA Server 2006 and Exchange 2007
When you use the New Exchange Publishing Rule Wizard to configure your ISA Server computer to allow client access, you automatically configure ISA Server settings that are required for the new features that are in both Exchange 2007 and ISA Server 2006 to work correctly. For more information about how to install a server certificate on ISA Server 2006, see Publishing Exchange Server 2007 with ISA Server 2006.
ISA Server 2006 and Outlook Web Access
Microsoft Office Outlook 2007 for Exchange Server 2007 is designed to take full advantage of the new features that are available in ISA Server 2006. When you deploy Exchange 2007 in an environment where ISA Server 2006 is being used to help secure your corporate network, the full set of features for Exchange Client Access is available. For more information, see Using ISA Server 2006 with Outlook Web Access.
ISA Server 2006 and Outlook Anywhere
In many organizations, users must have mailbox access when they are not in the office. Outlook Anywhere ensures that users can interact with their Microsoft Exchange information from any location. To support this client access method, specific paths must be published on the ISA Server computer. For more information, see Using ISA Server 2006 with Outlook Anywhere.
ISA Server 2006 and Exchange ActiveSync
We recommend that you use ISA Server 2006 to enhance the security of all available client access methods in your Exchange Server 2007 deployment. When you configure Exchange ActiveSync client access together with ISA Server 2006, communications between the Exchange ActiveSync clients and the Exchange server pass through an ISA Server computer to add an additional layer of Secure Sockets Layer (SSL) encryption. For more information, see Using ISA Server 2006 with Exchange ActiveSync.
ISA Server 2006 and POP3 and IMAP4
We recommend that you use ISA Server 2006 for all available client access methods in Exchange 2007. When you publish Post Office Protocol version 3 (POP3) and Internet Message Access Protocol version 4rev1 (IMAP4) client access together with ISA Server 2006, communications from the POP3 or IMAP4 clients that are located on the Internet to the ISA Server computer and from the ISA Server computer to the Client Access server are encrypted by using SSL. For more information, see Using ISA Server 2006 with POP3 and IMAP4.
Earlier Versions of ISA Server and Exchange 2007
When you deploy Exchange 2007, we recommend that you upgrade any earlier versions of ISA Server that you are using.
Deploying Exchange 2007 in an environment that has been configured to use an earlier version of ISA Server, such as ISA Server 2004, will require changes to the ISA Server rules that you might have configured for client access. If you decide to use ISA Server 2004 or ISA Server 2000 with Exchange 2007, you must create new server or Web publishing rules for the new Client Access servers that you want your users to access.
The following table describes the virtual directories to use as paths for the Web and server publishing rules that you must create for client access to Exchange when you use a version of ISA Server that is earlier than ISA Server 2006. Make sure that you use only the paths for the client applications that you plan to use. For example, if you do not plan to use Microsoft Exchange ActiveSync, you do not have to publish the Microsoft-Server-ActiveSync virtual directory.
Exchange 2007 virtual directories that are used as paths in ISA Server publishing rules for earlier versions of ISA Server
Path name | Description |
---|---|
/owa |
This virtual directory is used by Outlook Web Access to access mailboxes on Exchange 2007 computers that have the Mailbox server role installed. |
/public |
This virtual directory enables users to access public folders for mailboxes that are located on computers that are running Exchange 2007, Microsoft Exchange Server 2003, or Microsoft Exchange 2000 Server. |
/exchweb |
This virtual directory is used by Outlook Web Access to access mailboxes on computers that are running Exchange 2003 or Exchange 2000. |
/exchange |
This virtual directory is used by Outlook Web Access to access mailboxes on computers that are running Exchange 2003 or Exchange 2000. |
/UnifiedMessaging |
This virtual directory is used for Unified Message access. |
/Microsoft-Server-ActiveSync |
This virtual directory is used by Exchange ActiveSync. |
/EWS |
This virtual directory is used for Exchange Web Services. |
/Autodiscover |
This virtual directory is used by the Autodiscover service for the Exchange ActiveSync and Outlook clients. |
/rpc |
This virtual directory is used by Outlook Anywhere in Outlook 2007. |
For More Information
For more information about how to configure client access to Microsoft Exchange together with ISA Server 2006, see the following topics:
- Managing
Outlook Anywhere
- Managing
Outlook Web Access
- Managing the
Autodiscover Service
- Managing
POP3 and IMAP4
- Managing
Exchange ActiveSync.
For more information about the new enhancements to ISA Server 2006 when it is used with Exchange 2007, see What's New and Improved in ISA Server 2006. For more information about ISA Server 2006, see the Microsoft Internet Security and Acceleration Server 2006 Web site. For more information about ISA Server 2006 features, see ISA Server 2006 Features at a Glance.