recommended lock down of new Zimbra install

[dnk]

Good day all,

I going to be installing a test of Zimbra later today.

Now I am considering implementing Zimbra for our office, but I was wondering, would it be safe to have the Zimbra server sitting in a data center (as opposed to my local lan), and allowing all features to be used from multiple locations (sitting behind a firewall with the appropriate ports open)? Our company has a lot of road warriors, and many will be in Mexico, with spotty connections and was hoping to not have to use a VPN due to user transparency, and possible vpn over head. I would use openvpn for my vpn server - if I go that route.

What is the recommended topology for a Zimbra server when it should be access from many locations around the world?

Also, are they additional port it will require other than the standards?

Regards,

DNK

[Bill Brock]

Both of my ZCS installs set directly on the Internet. They have both WAN NIC for mail traffic and a LAN NIC for most Administration. I let the Linux firewall block all port other than those needed for mail and webmail on the WAN and all ports open on the LAN.

As long as you understand how to setup a firewall I don't see any problems with having your server setting directly on the Internet.

[dnk]

perfect. Thank you for the info. So no additional ports are needed for the outlook MAPI connections, and other shared resources (IE Calendars, contacts, etc). Good to hear!

dnk

[mmorse]

Quote:

Originally Posted by dnk

So no additional ports are needed for the outlook MAPI connections, and other shared resources (IE Calendars, contacts, etc).

Yup, don't need extra - the MAPI is over 80/443 - you can lock it down per this list: Firewall Configuration - Zimbra :: Wiki & Ports - Zimbra :: Wiki

Before I forget: Welcome to the forums!

[dnk]

Thank you very much for the wiki links..... I have been reading over the articles in there one by one....

Excited to try this thing out!