Exchange 2016 Reverse Proxy with L7 Transparency Enabled



The KEMP LM is connected to both Production and DMZ VLAN in my environment. Therefore, is it possible to implement a reverse proxy for Exchange 2016? Currently, the VS for Exchange 2016 is in the Production VLAN and the gateway for the real servers are pointing to the KEMP LM. Will there be any issues if I were to duplicate the VS and assign an IP that is in the DMZ VLAN? I would like all my external users to connect to this VS (in the DMZ) instead.


1 comment

Barry Gleeson


This is possible but the key thing to consider is the Default Gateway. Also, it is not clear if you have a third network on which the RS reside or if these are on the DMZ.

Assuming the RS's are on a third VLAN (Internal); To allow for this type of configuration I would advise that you use the Default Gateway option under VS configuration.

Assuming currently you have a global Default Gateway out the Production Network. This will mean Traffic to the new VS on the DMZ will use a Gateway out the Production Network VLAN and this could cause routing to fail.

By specifying a specific default gateway on the new VS (pointing to a DG on the DMZ network) you will prevent this issue.