We are currently upgrading our Exchange from 2003 to 2013, using 2010 in coexistence to get there. We have been using Blackberries, but are moving to iPhones/Android and active sync. As we did have a BB server we didn't have the old Exchange server internet facing, but now we are looking into this with the new server.
I have been looking around for best practices, but haven't found much for Exchange 2013, so would like a bit of help with securing the Exchange server when we open it to the internet for OWA and active sync.
We have messagelabs as our spam filter where the MX records point and a checkpoint firewall.
From what I understand from reading, we would need to point mail.company.com and autodiscover.company.com at the firewall and allow SSL traffic through the firewall to the Exchange server.
Any help/advice on this would be great.