Originally Posted by jibi
Security policies aside, but out of curiosity, what are the real advantages of having the router component in the DMZ? Assuming the firewall is setup for bi-directional, outbound-initiated traffic on port 3101 to the four IP ranges provided by RIM and the 3 hostnames (or 1 or 2) provided by RIM, would there really be any danger of some sort of break? Or is this mainly "piece of mind" for security administrators?
*Edit: I suppose this could have to do with allowing access to the Exchange server from a third-party provider, even if its an extremely limited theoretical possibility only, there is the hole that would be open for the cautious administrators.
peace of mind and policies would be my guess, alot of places dont allow outbound traffic from non dmz zones.