MS Exchange + Citrix advice



  • Hi all

    I'm currently using MS Forefront TMG to publish MS Exchange 2010 Outlook Anywhere, ActiveSync and OWA (all using SSL) and also Citrix XenApp 6.5 Web Interface/PNAgent and Citrix Secure Gateway (SSL).

    I also host a couple of websites for friends and family which sit on a dedicated Linux server.

    All this is running on a VMware ESXi server at home. I've got a 100/10Mb cable connection on which I get a dynamic IP, although the IP only changes when I change the hardware behind it, as their DHCP servers don't refresh your IP unless they sense a MAC address change.

    I used to run pfSense a few months ago until I couldn't get any reverse proxy working for HTTPS, so Outlook Anywhere, Citrix Secure Gateway etc. wouldn't work.

    I'd like to know if I can actually do this with pfSense. My aim has always been to not have any ports forwarded internally at all, but to use some sort of proxy/filter on the edge firewall (in this case currently TMG).

    When I had it set up before I was using the Postfix mail forwarder, DNS forwarder and a few others that I can't remember to do this, although I still had to forward 443 to my Exchange server, and change the Citrix Secure Gateway to 4430 and forward that through. Currently I have the router set up as 10.0.0.1 and my TMG server as 10.0.0.2; my internal address range is 192.1.22.0. DMZ is set up on the cable router to 10.0.0.2. This doesn't work very well at all with TMG, as I half expected: whenever I connect through the cable router's wifi I get a huge amount of packet loss, which I didn't have with pfSense.

    The only other issue is that unfortunately I have to use double NAT, because the router Virgin Media supply doesn't allow me to use the wifi or switch when it's in bridged mode, and I need this since the router is next to our TV and our HTPC, Xbox and TiVo box all connect into it. Also the 5GHz wifi is very useful, and fast.
