Ben Keyser
asked on
Groupwise Sending and receiving on separate NICs
I am trying to establish if you can split the traffic through the Gwia to go through different network cards - incoming mail on one card and outgoing on another.
The background is:
The firewall is a Netpilot. The MX record also points to the Netpilot, which will continue to receive the mail. We want the outgoing mail to leave through a separate NIC. The purpose, as I understand it, is that, since the Netpilot is the default gateway, any (or most) virus activity inside the network, will attempt to send mail through the default gateway. This client had his domain blocked some time ago because of a virus that got in from somewhere. We can now safely block any outgoing email traffic on the netpilot if Groupwise can send mail on a different nic, ensuring that virusses cannot send mail out of the network. Hence the need to split the incoming and outgoing mail over 2 nics.
Is this possible? I posted this question on the Novell Support Forum yesterday and had no response (yet). That makes me wonder if this can be done.
The background is:
The firewall is a Netpilot. The MX record also points to the Netpilot, which will continue to receive the mail. We want the outgoing mail to leave through a separate NIC. The purpose, as I understand it, is that, since the Netpilot is the default gateway, any (or most) virus activity inside the network, will attempt to send mail through the default gateway. This client had his domain blocked some time ago because of a virus that got in from somewhere. We can now safely block any outgoing email traffic on the netpilot if Groupwise can send mail on a different nic, ensuring that virusses cannot send mail out of the network. Hence the need to split the incoming and outgoing mail over 2 nics.
Is this possible? I posted this question on the Novell Support Forum yesterday and had no response (yet). That makes me wonder if this can be done.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
PsiCop
BTW, you may have noted that GroupWise does not have its own TA under the E-Mail heading. If you'd like to help change this, then a nice (free) message in the New Topics request area would be helpful. https://www.experts-exchange.com/Community_Support/New_Topics/
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The trouble with that arrangement is that you have no control over which IP address GroupWise will use for what. So it may very well try to use the inbound-only IP address for outbound traffic and start queueing up a lot of E-Mail because it thinks its running into a 450 Host Down situation.
This will work. Groupwise is ignorant of the entire set up. The switch will do the work. Groupwise doesn't decide anything. There is no inbound only address
because the inbound and outbound NIC's have the same address they are TEAMED. The switch will route the traffic to the proper NIC thought the access list on the ports. Groupwise just thinks there is only one NIC.
because the inbound and outbound NIC's have the same address they are TEAMED. The switch will route the traffic to the proper NIC thought the access list on the ports. Groupwise just thinks there is only one NIC.
Ah, I see what you're getting at. You still need to prevent the GWIA from binding to the "general use" NIC.
And it is also dependent on having NICs capable of Teaming (altho most are, since its mainly done in software) and on a switching infrastructure that can control access with that granularity. If you have that hardware, well and good.
The solution I proposed has the advantage of existing entirely within the GroupWise system, and doesn't have special hardware requirements. There's also no licensing costs, since GroupWise is licensed per mailbox - Novell doesn't care how many agents you run.
And it is also dependent on having NICs capable of Teaming (altho most are, since its mainly done in software) and on a switching infrastructure that can control access with that granularity. If you have that hardware, well and good.
The solution I proposed has the advantage of existing entirely within the GroupWise system, and doesn't have special hardware requirements. There's also no licensing costs, since GroupWise is licensed per mailbox - Novell doesn't care how many agents you run.
The GWIA will ignore the "general use" NIC because the ip address was not put into console one, only the address of the TEAMED NIC pair. Any Cisco or Nortel switch will do, what kind of hardware are you running?
No, the GWIA will NOT, by default, ignore a given NIC for outbound messages. By default, it will use any available address when sending. See the Novell GroupWise v6.5 Administration Guide at http://www.novell.com/documentation/gw65/index.html, specifically Page 641.
In order to force the GWIA to bind to a specific IP address for outbound E-Mail, you must choose the "Bijnd to TCP/IP Address at Connection Time" option under the SMTP/MIME tab (Settings panel) of the GWIA properties.
I note in passing that GWIA will still listen on all TCP/IP addresses on the machine for incoming E-Mail. There is no way to override that behaviour.
In order to force the GWIA to bind to a specific IP address for outbound E-Mail, you must choose the "Bijnd to TCP/IP Address at Connection Time" option under the SMTP/MIME tab (Settings panel) of the GWIA properties.
I note in passing that GWIA will still listen on all TCP/IP addresses on the machine for incoming E-Mail. There is no way to override that behaviour.
Good point, Block the groupwise ports on the 3rd NIC and it will be forced to transmit over the TEAMED NICS or just take it out and use the TEAMED NICS for everything. The work is done at the switch groupwise has nothing to do with the traffic flow.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hello?