Video Screencast Help

Messaging Gateway

Created: 20 May 2013 • Updated: 21 Jun 2013 | 12 comments
syedzeeshan's picture
This issue has been solved. See solution.

Hi Experts

hope all are doing well

I have setup Messaging gateway 10.0.1 as intial implementation

with following details

DMZ-- i will put it later

1Eth0- with local ip

default spam filtering rules

content policy for media n exe files

as of now Outbound is working fine ,as for inbound i haven't performed the Natting port 25

i want to know it there any any ports required except 25 .

please advice this architecture is fine ,or do i have to add one more Eth card with inbound or public ip

thank you

Operating Systems:

Comments 12 CommentsJump to latest comment

syedzeeshan's picture

thanks for sharing 

please let me know once i placed smg on firewall and natting with public ip ,i have to enable all the listed ports in the artcile.?

secondly please guide me archecture with 1eth is fine we have 1000 user's

thank you

tonev's picture

I do believe that SMG you configure is in mixed mode i.e. control center / scanner.

If that is correct you have to ensure proper communication for SMTP (port 25 / TCP), NTP (port 123/ UDP) and DNS (if external DNS wil lbe used port 53 UTP/TCP). Not included ports need for engunes update (AntiSPAM and AntiVirus).

TSE-JDavis's picture

The Messaging Gateway works just fine with only one IP address and interface.

syedzeeshan's picture

dear tonev

can you please explain with control center and scanner mixed mode means what exactly

secondly as mentioned by Davis SMG with 1 interface should work fine with 1 interface for

outbound /inbound

tonev's picture


Scanner and Control Centers roles are explained very well in SMG documentation.

Scanners process inbound and outbound messages and route messages for delivery.
Scanners download virus definitions, spam signatures, and other security updates from Symantec Security Response. Scanners run filters, render verdicts, and apply actions to messages in accordance with the appropriate policies and settings.

The Control Center is a browser-enabled application that interfaces with the Symantec Messaging Gateway system.

It is posible to have a Control Center and Scanner on a sigle appliance (what I called mixed mode).. 

Regarding number of the interfaces - as per SMG installation guide: "You can configure the Scanner to perform both inbound mail filtering and outbound mail filtering. You can use the same Ethernet interface for both inbound mail filtering and outbound mail filtering"

BenDC's picture

Yes you can have a combo box with both the control center and scanner roles. It can do inbound and outbound mail on a single IP/interface.

syedzeeshan's picture

Dear All

thanks alot for your opnion

i want to add another default gateway to my smgt

right now setup with 1 eth0 interface .is it possible i configure second eth0 interface and give another ip of default gateway ?

or only one default gateway option is availiable

tonev's picture

I can not understand the question very well.

Are you tring to configure a virtual nic interface (for example eth0:0) or just trying to configure another net interface (eth1)?.

Could you please clarify?

TSE-JDavis's picture

There is no option to have the 2 NICs use different default gateways.

Sbritegate's picture

Can one Scanner NIC be used for mail and the other Scanner NIC to communicate with the Control Center?

TSE-JDavis's picture

Absolutely. This is set under Administration -> Configuration -> Scanner -> SMTP -> Advanced Settings -> Delivery under the bindings settings.