Deployment best practice

Updated: 23 May 2010 | 3 comments
Yap Kim Siong

Hi,
Is it a good idea to deploy SBG in front of the firewall? Also, if I were to deploy SBG in the DMZ with inbound and outbound filtering, how do we configure TCP/IP settings on the inbound and outbound interfaces on SBG?

Should the TCP/IP settings look like this?

- First tier firewall internal interface = 10.10.10.x
- Second tier firewall outbound interface = 100.100.100.x

- Inbound interface of SBG = 10.10.10.y
- Outbound interface of SBG = 100.100.100.y

Anything I left out? Do I have to configure the routing table?

Comments

fferaboli | 29 Oct 2009

Hi,

There's a PDF document that covers that topic. You can find a copy of that here:
ftp.entsupport.symantec.com/pub/support/documentation/sbg_installation_guide.pdf

Regards,

Federico

Yap Kim Siong | 03 Nov 2009

Thanks Federico. I actually have read the document, but I am still not quite sure about the connectivity for the port configuration below:

Two physical ports (eth0 and eth1), each with one IP address, for example: eth0 = 192.0.32.1:25, eth1 = 192.0.47.1:25. Does this mean that eth0 will connect to the 1st tier firewall with interface 192.0.32.x and eth1 will connect to the 2nd tier firewall with interface 192.0.47.x? I understand that SBG is not a pass-through appliance. Just wondering how it works in this scenario.

fferaboli | 09 Nov 2009

Hi,

You can have 2 interfaces within the same subnet or not, depending on your requirements and preferences. As an example: eth0 will be receiving all the SMTP traffic from the internet (inbound) and eth1 will receive the traffic coming from your email servers (outbound). Then the product allows you to define which interfaces you want to bind to the different instances of delivery (or leave the product to do that automatically).
Ideally your internet-facing firewall must not perform any address transformation on the source IP addresses, in order to take advantage of reputation.
There are other things to consider that are covered in the Administrators and Deployment guides. Also, the KB is a good source of information for that. Here's one KB article as an example of that:
service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2008080612113754

Hope that helps,

Federico