Cisco Cisco Email Security Appliance C160 Mode D'Emploi
3-4
Cisco AsyncOS 8.5.5 for Email Security User Guide
Chapter 3 Setup and Installation
Physically Connecting the Email Security Appliance to the Network
Note
The Cisco X1060/1070, C660/670, and C360/370 Email Security appliances have three available
Ethernet interfaces by default. The Cisco C160/170 Email Security appliances have two available
Ethernet interfaces.
Ethernet interfaces by default. The Cisco C160/170 Email Security appliances have two available
Ethernet interfaces.
Advanced Configurations
In addition to the configurations shown in
and
, you can also configure:
•
Multiple Email Security appliances using the Centralized Management feature. See
•
Redundancy at the network interface card level by “teaming” two of the Ethernet interfaces on Email
Security appliances using the NIC Pairing feature. See
Security appliances using the NIC Pairing feature. See
Firewall Settings (NAT, Ports)
SMTP and DNS services must have access to the Internet. Other services may also require open firewall
ports. For details, see
ports. For details, see
Physically Connecting the Email Security Appliance to the
Network
Network
Configuration Scenarios
The typical configuration scenario for the Email Security appliance is as follows:
•
Interfaces - Only one of the three available Ethernet interfaces on the Email Security appliance is
required for most network environments. However, you can configure two Ethernet interfaces and
segregate your internal network from your external Internet network connection.
required for most network environments. However, you can configure two Ethernet interfaces and
segregate your internal network from your external Internet network connection.
•
Public Listener (incoming email) - The public listener receives connections from many external
hosts and directs messages to a limited number of internal groupware servers.
hosts and directs messages to a limited number of internal groupware servers.
–
Accepts connections from external mail hosts based on settings in the Host Access Table (HAT).
By default, the HAT is configured to ACCEPT connections from all external mail hosts.
By default, the HAT is configured to ACCEPT connections from all external mail hosts.
–
Accepts incoming mail only if it is addressed for the local domains specified in the Recipient
Access Table (RAT). All other domains are rejected.
Access Table (RAT). All other domains are rejected.
–
Relays mail to the appropriate internal groupware server, as defined by SMTP Routes.
•
Private Listener (outgoing email) - The private listener receives connections from a limited
number of internal groupware servers and directs messages to many external mail hosts.
number of internal groupware servers and directs messages to many external mail hosts.
–
Internal groupware servers are configured to route outgoing mail to the Cisco C- or X-Series
appliance.
appliance.
–
The Email Security appliance accepts connections from internal groupware servers based on
settings in the HAT. By default, the HAT is configured to RELAY connections from all internal
mail hosts.
settings in the HAT. By default, the HAT is configured to RELAY connections from all internal
mail hosts.