Cisco Email Security Appliance C170 Operating Instructions
Cisco AsyncOS 8.0.1 for Email User Guide
Chapter 38 Centralizing Services on a Cisco Content Security Management Appliance
Network Planning
The Cisco Content Security Management appliance lets you separate the end user interfaces (mail
applications, etc.) from the more secure gateway systems residing in your various DMZs. Using a
two-layer firewall can provide you with flexibility in network planning so that end users will not connect
directly to the outer DMZ.
Figure 38-1 shows a typical network configuration incorporating the Security Management appliance
and multiple DMZs.
Figure 38-1 Typical Network Configuration Incorporating the Cisco M-Series Appliance
Large corporate data centers can share one Security Management appliance acting as an external Cisco
Spam quarantine for one or more Cisco C- or X-Series appliances. Further, remote offices can be set up
to maintain their own local Cisco appliance quarantines for local use (using the local Cisco Spam
quarantine on C- or X-Series appliances).
Mail Flow and the External Spam Quarantine
If your network is configured as described in Figure 38-1, incoming mail from the Internet is received
by the Cisco appliances in the outer DMZ. Clean mail is sent along to the mail transfer agent (MTA)
(groupware) in the inner DMZ and eventually to the end users within the corporate network.
Spam and suspected spam (depending on your mail flow policy settings) are sent to the Spam quarantine
on the Security Management appliance. End users may then access the quarantine and elect to delete
spam and release messages they would like to have delivered to themselves. Messages remaining in the
Cisco Spam quarantine are automatically deleted after a configurable amount of time (see
Mail is sent to the Security Management appliance from other Cisco (C- and X-Series) appliances. A
Cisco appliance that is configured to send mail to a Security Management appliance will automatically
expect to receive mail released from the Security Management appliance and will not re-process those
messages when they are received back — messages will bypass the HAT and other policy or scanning
settings and be delivered. For this to work, the IP address of the Security Management appliance must
not change. If the IP address of the Security Management appliance changes, the receiving C- or
X-Series appliance will process the message as it would any other incoming message. You should always
use the same IP address for receiving and delivery on the Security Management appliance.
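The address rule above can be checked as a consistency audit. This is an added example, not taken from the Cisco guide: the inventory values, appliance names and function name are constructed for illustration, and the script only models the rule as stated here without querying any appliance.

```python
import ipaddress

# Constructed inventory (not exported from any appliance): the addresses the
# Security Management appliance (SMA) uses in each direction, and the SMA
# address each C-/X-Series appliance has configured for the external quarantine.
SMA = {"receive_ip": "10.20.0.5", "delivery_ip": "10.20.0.5"}
APPLIANCES = {
    "c-series-1": "10.20.0.5",
    "c-series-2": "10.20.0.5",
    "c-series-3": "10.20.0.15",  # stale entry left over from a renumbering
}


def audit_quarantine_addresses(sma, appliances):
    """Return findings; an empty list means every appliance will recognise
    released mail as coming from the SMA and deliver it without re-processing."""
    findings = []
    # ip_address() normalises textual variants (for example IPv6 zero
    # compression) so equal addresses written differently still compare equal.
    receive = ipaddress.ip_address(sma["receive_ip"])
    delivery = ipaddress.ip_address(sma["delivery_ip"])
    if receive != delivery:
        findings.append(
            f"SMA receives on {receive} but delivers from {delivery}; "
            "use one address for both"
        )
    for name, configured in sorted(appliances.items()):
        expected = ipaddress.ip_address(configured)
        if expected != receive:
            findings.append(
                f"{name}: sends quarantined mail to {expected}, "
                f"but the SMA receives on {receive}"
            )
        if expected != delivery:
            findings.append(
                f"{name}: expects releases from {expected}, but the SMA delivers "
                f"from {delivery}; released mail is processed as new inbound mail"
            )
    return findings


if __name__ == "__main__":
    for finding in audit_quarantine_addresses(SMA, APPLIANCES):
        print("FINDING:", finding)
```

Running the audit after any renumbering of the Security Management appliance shows which appliances would start re-scanning released messages.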
[Figure 38-1 labels: Internal Users, Corporate Network, Inner DMZ, Groupware, Outer DMZ, C-Series Appliance (three), Security Management Appliance]