Cisco Cisco Email Security Appliance C160 Mode D'Emploi
Chapter 3 Setup and Installation
3-2
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
Installation Planning
Before You Begin
You can install your Cisco IronPort appliance into your existing network
infrastructure in several ways. This section addresses several options available to
you as you plan your installation.
infrastructure in several ways. This section addresses several options available to
you as you plan your installation.
Plan to Place the Cisco IronPort Appliance at the Perimeter of Your Network
Please note that your Cisco IronPort appliance is designed to serve as your SMTP
gateway, also known as a mail exchanger or “MX.” In addition to the “hardened”
operating system dedicated for Internet messaging, many of the newest features
in the AsyncOS operating system function optimally when the appliance is
situated at the first machine with an IP address that is directly accessible to the
Internet (that is, it is an external IP address) for sending and receiving email. For
example:
gateway, also known as a mail exchanger or “MX.” In addition to the “hardened”
operating system dedicated for Internet messaging, many of the newest features
in the AsyncOS operating system function optimally when the appliance is
situated at the first machine with an IP address that is directly accessible to the
Internet (that is, it is an external IP address) for sending and receiving email. For
example:
•
The per-recipient reputation filtering, anti-spam, anti-virus, and Virus
Outbreak Filter features (see
Outbreak Filter features (see
,
,
) are designed to work with a direct flow of
messages from the Internet and from your internal network. You can
configure the Cisco IronPort appliance for policy enforcement (
configure the Cisco IronPort appliance for policy enforcement (
) for all
email traffic to and from your enterprise.
You need to ensure that the Cisco IronPort appliance is both accessible via the
public Internet and is the “first hop” in your email infrastructure. If you allow
another MTA to sit at your network’s perimeter and handle all external
connections, then the Cisco IronPort appliance will not be able to determine the
sender’s IP address. The sender’s IP address is needed to identify and distinguish
senders in the Mail Flow Monitor, to query the SenderBase Reputation Service for
the sender’s SenderBase Reputation Score (SBRS), and to improve the efficacy of
the IronPort Anti-Spam and Outbreak Filters features.
public Internet and is the “first hop” in your email infrastructure. If you allow
another MTA to sit at your network’s perimeter and handle all external
connections, then the Cisco IronPort appliance will not be able to determine the
sender’s IP address. The sender’s IP address is needed to identify and distinguish
senders in the Mail Flow Monitor, to query the SenderBase Reputation Service for
the sender’s SenderBase Reputation Score (SBRS), and to improve the efficacy of
the IronPort Anti-Spam and Outbreak Filters features.