Another one for the Doep

Doep is the only one who reads my stuff about network best practices. Thus, here is another best practices configuration for my old mate, Doep. (Payment in Guinness!) This configuration above is to setup Outlook Web Access for Exchange to external users from the Internet. It entails using a Checkpoint Charlie configuration. A Checkpoint Charlie configuration is the use of reverse proxies in a DMZ that is accessed externally from the Internet. The external incoming connections are terminated on the reverse proxy, which then presents the web pages which have been backhauled internally from the server farm. In this case, the reverse proxy is Microsoft's ISA server 2006. You can also read more about ISA, here.
A Checkpoint Charlie configuration can be used for any type of Intranet application that is hosted on a server farm and needs to be presented to external users.


  1. Thanks for this one Ronald

    The Big D

  2. There is another that also reads the blogs.

    What would you say are the benefits of using a reverse proxy?

  3. Wimpie, thanks for writing. It is a honour to have you as a reader!
    The primary purpose of a DMZ is to terminate incoming third party connections. However, having active systems and data in a DMZ is never a good idea. Checkpoint Charlie configurations with reverse proxies deployed in a DMZ solve both issues.
    An additional use is making Intranets available to overlapping address spaces.


Post a Comment