Messaging Gateway

 View Only
  • 1.  Brightmail network connections

    Posted Sep 08, 2009 04:39 AM
     We are preparing a testing Lab in order to implement in the future the brightmail solution into our production environment. 

    We went through the documention and understood that the best choice for us is to use two ethernet interfaces but is not yet clear to use how the appliance uses them in terms of traffic.

    We thought to have the following:

    • eth0 (i.e.192.168.0.1/24) as email inbound interface connected to a DMZ VLAN1  and mapped public on the internet using a NAT on the public firewall (i.e.195.30.190.30)
    • the MX of domain.com will point to the previous natted public IP (195.30.190.30)
    • eth1 (i.e.192.168.1.1/24) as email outbound interface connected to a DMZ VLAN2 and not public mapped/natted as we expect the email to be forwarded out on the internet via eth0.
    • the console running on a separate host inside our trusted network (172.19.0.0/16) or on the DMZ VLAN2

    This configuration makes us think of two questions:

    • is the eth1 configuration going to work for the outbound traffic as expected or we have also to map the eth1 externally on a public IP and as MX record?
    • is the console best place on the DMZ VLAN2 or is best to run it internally on the LAN?
    • can the eth0 and eth1 be on the same DMZ segment or best to divide the DMZ segments like we though?

    If you could help this would be great as we really look forward to implement this product live in production.



  • 2.  RE: Brightmail network connections

    Posted Sep 09, 2009 06:11 AM
    Hi Roberto,

    There are multiple options of configuring the SMS Appliance.

    1) If you are having multiple servers than you can keep it on the same DMZ segment or in a different as there is no relevent with inbound & outbound.

    2) For accessing a web console you can define certain machine of admin's for accessing not all the local LAN for security reasons.

    3) You can configure Control center & Scanner on the single appliance & you can also receive & send email with same Public IP as there is new new feature of delivery address binding in the current verison of SMS.

    Kindly let us know if you need any more clarification on the same.

    Regards,
    Laeek