Cisco Cisco Email Security Appliance C160 Betriebsanweisung
38-2
Cisco AsyncOS 8.0.2 for Email User Guide
Chapter 38 Centralizing Services on a Cisco Content Security Management Appliance
Network Planning
For complete information about configuring and using your Cisco Content Security Management
appliance, see the Cisco Content Security Management Appliance User Guide.
appliance, see the Cisco Content Security Management Appliance User Guide.
Network Planning
The Cisco Content Security Management appliance lets you separate the end user interfaces (mail
applications, etc.) from the more secure gateway systems residing in your various DMZs. Using a
two-layer firewall can provide you with flexibility in network planning so that end users will not connect
directly to the outer DMZ.
applications, etc.) from the more secure gateway systems residing in your various DMZs. Using a
two-layer firewall can provide you with flexibility in network planning so that end users will not connect
directly to the outer DMZ.
shows a typical network configuration incorporating the Security Management appliance
and multiple DMZs.
Figure 38-1
Typical Network Configuration Incorporating the Cisco M-Series Appliance
Large corporate data centers can share one Security Management appliance acting as an external Cisco
Spam quarantine for one or more Cisco C- or X-Series appliances. Further, remote offices can be set up
to maintain their own local Cisco appliance quarantines for local use (using the local Cisco Spam
quarantine on C- or X-Series appliances).
Spam quarantine for one or more Cisco C- or X-Series appliances. Further, remote offices can be set up
to maintain their own local Cisco appliance quarantines for local use (using the local Cisco Spam
quarantine on C- or X-Series appliances).
Mail Flow and the External Spam Quarantine
If your network is configured as described in
, incoming mail from the Internet is received
by the Cisco appliances in the outer DMZ. Clean mail is sent along to the mail transfer agent (MTA)
(groupware) in the inner DMZ and eventually to the end users within the corporate network.
(groupware) in the inner DMZ and eventually to the end users within the corporate network.
Spam and suspected spam (depending on your mail flow policy settings) is sent to the Spam quarantine
on the Security Management appliance. End users may then access the quarantine and elect to delete
spam and release messages they would like to have delivered to themselves. Messages remaining in the
Cisco Spam quarantine are automatically deleted after a configurable amount of time (see
on the Security Management appliance. End users may then access the quarantine and elect to delete
spam and release messages they would like to have delivered to themselves. Messages remaining in the
Cisco Spam quarantine are automatically deleted after a configurable amount of time (see
)
Mail is sent to the Security Management appliance from other Cisco (C- and X-Series) appliances. A
Cisco appliance that is configured to send mail to a Security Management appliance will automatically
expect to receive mail released from the Security Management appliance and will not re-process those
messages when they are received back — messages will bypass the HAT and other policy or scanning
settings and be delivered. For this to work, the IP address of the Security Management appliance must
Cisco appliance that is configured to send mail to a Security Management appliance will automatically
expect to receive mail released from the Security Management appliance and will not re-process those
messages when they are received back — messages will bypass the HAT and other policy or scanning
settings and be delivered. For this to work, the IP address of the Security Management appliance must
Internal Users
Outer DMZ
Inner DMZ
C-Series Appliance
Groupware
C-Series Appliance
C-Series Appliance
Security Management
Corporate
Network
Appliance