Messaging Gateway

 View Only

  • 1.  Symantec Messaging Gateway 10.0 and TMG

    Posted Aug 27, 2013 07:53 AM

    Hello There

     

    I will like to deploy a Symantec Messaging Gateway 10.0 behind a TMG with this scenario to replace a panda Gate Defender appliance already installed

     

    symantec Messaging Gateway 10.0 VM already installed in a VMWare ESXi

    Two Virtual NICS one connected to my TMG and another to my Core Switch

    Mail Serves (One external located outside in a service Provider) with ex. SMTP mail.mycompany.com another internal just for LAN mail Exchange flow, with SMTP mail.mycompany.local

    I just want to filter Incoming email from my external mail Server, for now

     

    Can anyone help me with the configuration for this scenario about networking (routing) and message filtering configuration

     

    Thank you



  • 2.  RE: Symantec Messaging Gateway 10.0 and TMG

    Posted Aug 27, 2013 10:39 AM

    Symantec Messaging Gateway is not a bridge or routing device. Mail must be specifically routed to and it must know where to send messages once they have been processed. The typically installation for inbound only has a single NIC attached to a switch, mail is routed to that IP address from the firewall, once processed it is passed to the mail server.

     



  • 3.  RE: Symantec Messaging Gateway 10.0 and TMG

    Posted Aug 27, 2013 11:30 AM

    Great ...

    I already suspected that, the major problem is that our corporate mail server its outside the organization network , that in my point of view could be a problem, one a mail is scanned is passed to an email server (outside the organization) to be routed by the firewall again by the same process, this can create a kind of infinite cycle.

     

    Am i right?

     

    if i am correct, is there any workaround to this, if not this messaging gateway won’t do for this kind of network topology 

    Thanks



  • 4.  RE: Symantec Messaging Gateway 10.0 and TMG

    Posted Aug 28, 2013 11:58 AM

    This situation is not ideal for Symantec Messaging Gateway. However it may still be able to work as Symantec Messaging gateway does not scan client protocols such as imap, mapi, or pop3, only SMTP traffic that is routed to it that it has been configured to accept. In therory it would just be configuring the mail to route to your mail server.

    So if the mail server on the internet is not sending messages back to another mail server via SMTP in your internal network for client pickup to your local network it should be okay.

    However you may want to look into something like our .cloud solution which all mail would route to it from the internet, then .cloud would send it to your mail server, where your clients would pick it up. Rather than from the internet -> your network with the SMG -> internet to your mail server then back in some how to your clients.