Internal Trusted Windows Users firewalled from Microsoft Servers

Giganews Newsgroups
Subject: Internal Trusted Windows Users firewalled from Microsoft Servers
Posted by:  Ash Wainwright (AshWainwrig…
Date: Fri, 18 Aug 2006

I would like some advice. We have a Security Manager at our company who wants
to separate all user desktops in our organisation from Exchange and Active
Directory and all Microsoft services with a Checkpoint Firewall.

We would need to configure the NG60 Checkpoint firewall with a ruleset that
would allow the user desktop groups, which are split into 8 VLANs, to access
all Exchange ports including the RPC range as well as the Active Directory

My question is this: do many organisations place firewalls between all their
trusted users and their Exchange, AD and Windows servers?

While I can see the added security aspects of the plan, the added
administration overhead seems problematic as well as the performance impact.
Particularly when we are talking about all our internal Microsoft services
and UNIX services.

Just to clarify, these are all internal trusted users accessing internal
systems; we are a company with under 1000 users.

This does not refer to DMZs, which are firewalled from internal users.

Anyone's experience or reference to articles or whitepapers would be much