Cisco Cisco Email Security Appliance C680 User Guide
Chapter 3 Setup and Installation
3-32
Cisco IronPort AsyncOS 7.3 for Email Configuration Guide
OL-23078-01
Installation Planning
Before You Begin
You can install your IronPort appliance into your existing network infrastructure
in several ways. This section addresses several options available to you as you
plan your installation.
in several ways. This section addresses several options available to you as you
plan your installation.
Plan to Place the IronPort Appliance at the Perimeter of Your Network
Please note that your IronPort appliance is designed to serve as your SMTP
gateway, also known as a mail exchanger or “MX.” In addition to the “hardened”
operating system dedicated for Internet messaging, many of the newest features
in the AsyncOS operating system function optimally when the appliance is
situated at the first machine with an IP address that is directly accessible to the
Internet (that is, it is an external IP address) for sending and receiving email. For
example:
gateway, also known as a mail exchanger or “MX.” In addition to the “hardened”
operating system dedicated for Internet messaging, many of the newest features
in the AsyncOS operating system function optimally when the appliance is
situated at the first machine with an IP address that is directly accessible to the
Internet (that is, it is an external IP address) for sending and receiving email. For
example:
•
The per-recipient reputation filtering, anti-spam, anti-virus, and Virus
Outbreak Filter features (see
Outbreak Filter features (see
,
and
) are designed to work with a direct
flow of messages from the Internet and from your internal network. You can
configure the IronPort appliance for policy enforcement (
configure the IronPort appliance for policy enforcement (
) for all
email traffic to and from your enterprise.
You need to ensure that the IronPort appliance is both accessible via the public
Internet and is the “first hop” in your email infrastructure. If you allow another
MTA to sit at your network’s perimeter and handle all external connections, then
the IronPort appliance will not be able to determine the sender’s IP address. The
sender’s IP address is needed to identify and distinguish senders in the Mail Flow
Monitor, to query the SenderBase Reputation Service for the sender’s SenderBase
Reputation Score (SBRS), and to improve the efficacy of the IronPort Anti-Spam
and Virus Outbreak Filters features.
Internet and is the “first hop” in your email infrastructure. If you allow another
MTA to sit at your network’s perimeter and handle all external connections, then
the IronPort appliance will not be able to determine the sender’s IP address. The
sender’s IP address is needed to identify and distinguish senders in the Mail Flow
Monitor, to query the SenderBase Reputation Service for the sender’s SenderBase
Reputation Score (SBRS), and to improve the efficacy of the IronPort Anti-Spam
and Virus Outbreak Filters features.