Руководство Пользователя для Cisco Cisco Email Security Appliance X1070
3-4
Cisco AsyncOS 9.0 for Email User Guide
Chapter 3 Setup and Installation
Physically Connecting the Email Security Appliance to the Network
Ethernet Interfaces
Only one of the available Ethernet interfaces on the Email Security appliance is required in these
configurations. However, you can configure two Ethernet interfaces and segregate your internal network
from your external Internet network connection.
configurations. However, you can configure two Ethernet interfaces and segregate your internal network
from your external Internet network connection.
For more information about assigning multiple IP addresses to the available interfaces, see
and
.
Note
The Cisco X1070, C670, and C370 Email Security appliances have three available Ethernet interfaces
by default. The Cisco C170 Email Security appliances have two available Ethernet interfaces.
by default. The Cisco C170 Email Security appliances have two available Ethernet interfaces.
Advanced Configurations
In addition to the configurations shown in
and
, you can also configure:
•
Multiple Email Security appliances using the Centralized Management feature. See
•
Redundancy at the network interface card level by “teaming” two of the Ethernet interfaces on Email
Security appliances using the NIC Pairing feature. See
Security appliances using the NIC Pairing feature. See
Firewall Settings (NAT, Ports)
SMTP and DNS services must have access to the Internet. Other services may also require open firewall
ports. For details, see
ports. For details, see
Physically Connecting the Email Security Appliance to the
Network
Network
•
Configuration Scenarios
The typical configuration scenario for the Email Security appliance is as follows:
•
Interfaces - Only one of the three available Ethernet interfaces on the Email Security appliance is
required for most network environments. However, you can configure two Ethernet interfaces and
segregate your internal network from your external Internet network connection.
required for most network environments. However, you can configure two Ethernet interfaces and
segregate your internal network from your external Internet network connection.
•
Public Listener (incoming email) - The public listener receives connections from many external
hosts and directs messages to a limited number of internal groupware servers.
hosts and directs messages to a limited number of internal groupware servers.
–
Accepts connections from external mail hosts based on settings in the Host Access Table (HAT).
By default, the HAT is configured to ACCEPT connections from all external mail hosts.
By default, the HAT is configured to ACCEPT connections from all external mail hosts.
–
Accepts incoming mail only if it is addressed for the local domains specified in the Recipient
Access Table (RAT). All other domains are rejected.
Access Table (RAT). All other domains are rejected.