Cisco Cisco Email Security Appliance C680 用户指南
3-5
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
Chapter 3 Setup and Installation
In some scenarios, the Cisco IronPort appliance resides inside the network
“DMZ,” in which case an additional firewall sits between the Cisco IronPort
appliance and the groupware server.
“DMZ,” in which case an additional firewall sits between the Cisco IronPort
appliance and the groupware server.
The following network scenarios are described:
•
Behind the Firewall (see
Choose the configuration that best matches your infrastructure. Then proceed to
the next section,
the next section,
.
Incoming
•
Incoming mail is accepted for the local domains you specify. (See )
•
All other domains are rejected.
•
External systems connect directly to the Cisco IronPort appliance to transmit
email for the local domains, and the Cisco IronPort appliance relays the mail
to the appropriate groupware servers (for example, Exchange™,
Groupwise™, Domino™) via SMTP routes. (See “Routing Email for Local
Domains” in the Cisco IronPort AsyncOS for Email Advanced Configuration
Guide.)
email for the local domains, and the Cisco IronPort appliance relays the mail
to the appropriate groupware servers (for example, Exchange™,
Groupwise™, Domino™) via SMTP routes. (See “Routing Email for Local
Domains” in the Cisco IronPort AsyncOS for Email Advanced Configuration
Guide.)
Outgoing
•
Outgoing mail sent by internal users is routed by the groupware server to the
Cisco IronPort appliance.
Cisco IronPort appliance.
•
The Cisco IronPort appliance accepts outbound email based on settings in the
Host Access Table for the private listener. (For more information, see
Host Access Table for the private listener. (For more information, see
.)
Ethernet Interfaces
•
Only one of the available Ethernet interfaces on the Cisco IronPort appliance
is required in these configurations. However, you can configure two Ethernet
interfaces and segregate your internal network from your external Internet
network connection.
is required in these configurations. However, you can configure two Ethernet
interfaces and segregate your internal network from your external Internet
network connection.