Cisco Cisco Email Security Appliance C650 Guía Del Usuario
43-2
User Guide for AsyncOS 9.8 for Cisco Email Security Appliances
Chapter 43 Centralizing Services on a Cisco Content Security Management Appliance
Network Planning
Network Planning
The Cisco Content Security Management appliance lets you separate the end-user interfaces (such as
mail applications) from the more secure gateway systems residing in your various DMZs. Using a
two-layer firewall can provide you with flexibility in network planning so that end users do not connect
directly to the outer DMZ.
mail applications) from the more secure gateway systems residing in your various DMZs. Using a
two-layer firewall can provide you with flexibility in network planning so that end users do not connect
directly to the outer DMZ.
shows a typical network configuration incorporating the Security Management appliance
and multiple DMZs.
Figure 43-1
Typical Network Configuration with Cisco Content Security Management Appliance
Large corporate data centers can share one Security Management appliance which acts as an external
spam quarantine for one or more Email Security appliances. Meanwhile, remote offices can maintain
local spam quarantines on Email Security appliances for local use.
spam quarantine for one or more Email Security appliances. Meanwhile, remote offices can maintain
local spam quarantines on Email Security appliances for local use.
Working with an External Spam Quarantine
•
•
•
•
•
Mail Flow and the External Spam Quarantine
If your network is configured as described in
, incoming mail from the Internet is received
by appliances in the outer DMZ. Clean mail is sent along to the mail transfer agent (MTA) (groupware)
in the inner DMZ and eventually to the end users within the corporate network.
in the inner DMZ and eventually to the end users within the corporate network.
Spam and suspected spam (depending on your mail flow policy settings) is sent to the spam quarantine
on the Security Management appliance. End users may then access the quarantine and elect to delete
spam and release messages that they would like to have delivered to themselves. Messages remaining in
the spam quarantine are automatically deleted after a configurable amount of time.
on the Security Management appliance. End users may then access the quarantine and elect to delete
spam and release messages that they would like to have delivered to themselves. Messages remaining in
the spam quarantine are automatically deleted after a configurable amount of time.
Internal Users
Outer DMZ
Inner DMZ
Email Security Appliance
Groupware
Email Security Appliance
Email Security Appliance
Security Management
Corporate
Network
Appliance