Solved

Moving exchange interfaces for Barracuda spam filter

Posted on 2009-07-09
Last Modified: 2012-05-07
I need to move our Exchange interface to put a Barracuda spam filter inline. Our current setup is: 2 vms (win2k3 stnd sp2, server1.0, on a dell 1750 with 2 nic bridged to 4 virtual nics), a front end Exchange vm with an interface on the outside with a public ip x.x.94.10 with gtwy x.x.94.1, and a private ip x.x.7.30 without a gtwy, a back end Exchange with a private ip x.x.7.13.

The suggestion I was given was to NAT our public ip x.x.94.10 to a private ip x.x.8.10 in our firewall. Patch outside switch to the spam filter and address it x.x.8.10. Create a dns record for the spam filter barracuda.barracudanetworks.com x.x.8.10. Change our mx record from mail.xxxx.org to barracuda.barracudanetworks.com. And flush and re-register dns.

Does this sound like a good way to go? How will this affect OWA, which we had accessed through mail.xxxx.org? Thanks.
Question by:percussed
5 Comments
 
LVL 20

Assisted Solution

by:Rick Fee
Rick Fee earned 600 total points
ID: 24817922
Your original MX record is/was mail.xxxx.org. Create a new A record, i.e. smtp.xxxx.org (or MX or barracuda or whatever). From your firewall, NAT all SMTP traffic for smtp.xxxx.org to the Barracuda (device on the inside) and point the Barracuda to the backend Exchange. Set up an SMTP connector from Exchange to the Barracuda and set the Barracuda to allow relay out from the Exchange backend IP.

Now for mail.xxxx.org, NAT its IP to your frontend with 443 and you are good. So you don't have to do anything with OWA or Active Sync phones etc...
0
 
LVL 20

Accepted Solution

by:
MightySW earned 900 total points
ID: 24818457
Hi,

Good idea, but you don't have to do anything special for OWA.  You can use the Barracuda:

Go to the cuda, Advanced, advanced IP config and configure port forwarding like so:

Port Forwarding

Source Port    Destination IP                           Destination Port
443            Your internal Exchange server address    443
80             Your internal Exchange server address    80

This will allow you to continue to use OWA as advertised as it will go straight through the box.

You will (should anyway) have to change the port that you access the html interface on under basic/administration.  I changed mine to 8000.  So now when I access the cuda web interface I enter: http://cuda:8000 
You can also do the same if you use HTTPS and use advanced/administration and set the port to like 4343 or something like that.  

Either way you should be good to go.

HTH
0
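The reason the accepted answer moves the Barracuda web interface off its current port is that 80 and 443 are handed to Exchange by the forwarding table. The following is an added example, not part of the original thread or of any Barracuda tooling: a small check for such a plan, where the `Forward` type, the finding labels and the 10.0.7.30 address are assumptions made for illustration.

```python
from dataclasses import dataclass

SMTP_PORT = 25  # the filter has to receive SMTP itself in order to scan it


@dataclass(frozen=True)
class Forward:
    source_port: int  # port the Barracuda listens on
    dest_ip: str      # internal host the traffic is passed to
    dest_port: int


def check_plan(forwards, admin_port, admin_scheme="http"):
    """Return findings for a port-forwarding plan; an empty list means none."""
    findings = []
    seen = set()
    for fwd in forwards:
        for port in (fwd.source_port, fwd.dest_port):
            if not 1 <= port <= 65535:
                findings.append(f"BAD_PORT: {port} is not a valid TCP port")
        if fwd.source_port in seen:
            findings.append(f"DUPLICATE: port {fwd.source_port} is forwarded twice")
        seen.add(fwd.source_port)
        if fwd.source_port == SMTP_PORT:
            findings.append("SMTP_BYPASS: port 25 is forwarded, so mail skips the filter")
    if admin_port in seen:
        findings.append(f"ADMIN_COLLISION: admin UI port {admin_port} is also "
                        "in the forwarding table")
    if admin_scheme != "https":
        findings.append("ADMIN_PLAINTEXT: admin UI uses HTTP, so the login "
                        "crosses the network in clear text")
    return findings


# Constructed plan mirroring the table in the answer; the IP is a placeholder.
EXCHANGE_FE = "10.0.7.30"
FORWARDS = [Forward(443, EXCHANGE_FE, 443), Forward(80, EXCHANGE_FE, 80)]

if __name__ == "__main__":
    for label, port, scheme in (("UI left on 80", 80, "http"),
                                ("UI moved to 8000", 8000, "http"),
                                ("UI on HTTPS 4343", 4343, "https")):
        print(label)
        for finding in check_plan(FORWARDS, port, scheme) or ["no findings"]:
            print("  ", finding)
```
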
 
LVL 20

Expert Comment

by:Rick Fee
ID: 24818621
Well that is something I didn't know about the Barracuda. I like it, but the problem is if the Barracuda freezes it takes down both email and OWA. Not that this happens a lot...they are solid devices. Just depends on the org requirements/size. I'm not sure what load this will put on the Barracuda if you have 1000 remote users etc.

Just more to think about when setting up
0
 
LVL 20

Expert Comment

by:MightySW
ID: 24818646
Good point.

Always good to have a spare on site :P
0
 
LVL 20

Expert Comment

by:MightySW
ID: 24818654
These days it is so flipping easy to change an MX record.  I remember back in the day when it took like 2 weeks to change one.
0
