Messaging Gateway

Recently set up a Brightmail Gateway Appliance 8320, v. 8.03
We are now unable to connect to Outlook Web Access. We get the error that the web page cannot be found.

We also have Symantec Mail Security for Microsoft Exchange installed. I was told by Symantec that it would not cause any issues to leave that running in conjunction with the Brightmail.

Any help will be appreciated.

Thanks.

Hi SynSol,

First of all there is no interconnection between SBG & Outlook web Access. Kindly check from your network team whether the port is open on firewall for OWA if you are using it from internet & even you are opening it with the assigned public IP address.


Regards,
Laeek

there shouldn't be any relation between Brightmail and OWA. Can you connect to the OWA within the internal LAN?

You say that there is no interconnection, but it would make sense that there would be.  

If I'm understanding the way this Brightmail "Gateway" works, it is supposed to sit between your exchange server - which in my case handles Outlook Web Access (OWA) - and the world (the internet).  

Prior to the installation of the Brightmail appliance (the virtual appliance in my case), both 80 traffic (HTTP for OWA) and 25 traffic (SMTP for email) was allowed through my firewall to my exchange server.  The port 80 traffic (http) was picked up by OWA and port 25 traffic (SMTP) was handled as regular email.

When installed the gateway, I directed all traffic (both 25 and 80) to the appliance and configured the appliance to pass on email to exchange (after filtering of course).  The 80 traffic (for OWA) is not being handled by the device.  I'm assuming it's being dropped.

I've tried to configure my firewall look at pass 80 traffic directly to exchange and 25 traffic to brightmail, but can't seem to figure out how to do it.  I get an error because it says I can't have two NAT entries that originate from a single IP (my public mail.mycompany.com IP) NAT'd to two different internal IPs.  

I can connect to OWA from within my network, which makes sense because I'm not going through the Brightmail Gateway.  I can also have users VPN in (putting them within the network) and access OWA, which makes sense also, but can't get both OWA and Brightmail working from the outside.

Hi,

HTTP traffic can be used to access the SBG control centre if configured, however this is not your problem here.
The reason you can't get to OWA is outlined in the error message you've quoted:

"I get an error because it says I can't have two NAT entries that originate from a single IP (my public mail.mycompany.com IP) NAT'd to two different internal IPs."

It's your firewall/router that is the problem here.
Previously, when one server was handling the SMTP and HTTP/S (I hope it's TLS'd anyway) it was fine, because your Exchange server was handling all of that.
Now, SBG does not proxy nor route HTTP traffic, so you need to set your firewall/router to NAT the inbound HTTP requests to Exchange.
It seems that your firewall won't let you because you are doing routing at the hostname level.
You have two options:

1. Create a new A record (i.e smtp.yourdomain.com) and use that as your primary MX.  Redirect that host to SBG and redirect mail.yourdomain.com to exchange.
2. Work out how to port forward 80/443 to exchange and 25 to SBG at the protocol level not the host level.

Hope that helps, let me know if you need further details.

//ian

That did it.

I didn't want to mess with my MX record because it would affect some other services.  You did point me to "Port Forwarding", which was the solution. Those were the keywords that I needed to find a "how to" on configuring that on my firewall.  

Like you mentioned, I have 25 traffic forwarded to SBG and 80/443  forwarded to exchange.

Thanks again

No problems.
Just hit that 'Mark As Solution' button under my post :-)

//ian