Is Exchange supported in a DMZ? Well, it depends. What role or roles are we inquiring about?
Many customers want to use the same rules that were available in the days of Exchange 2003 by placing or designing an implementation with the Client Access role in the DMZ. However, that was a long time ago and the same rules do not apply. Beginning with Exchange 2007, and continuing with 2010 and 2013, only the Edge Transport role is supported to be implemented in a DMZ (perimeter network).
Don’t believe me? Check out the following references. Don’t like it? Either find a way to work within the parameters, find a different product, or take a look into Office 365.
- Client Access server (Refer to first Warning)
- Don’t put CAS in the Perimeter network!
- Planning for Client Access Servers (Refer to first Note)
- Exchange, Firewalls, and Support… Oh, my! (Refer to “Confusion point #1”)
Can it be done? Sure. I’ve seen it and had nothing but issues when either trying to troubleshoot connectivity or transitioning to a new version. But you can always see for yourself by trying to call Microsoft (or your partner) if you need help with connectivity issues.