Moving exchange interfaces for Barracuda spam filter

I need to move our exchange interface to put a Barracuda spam filter inline. Our current setup is: 2 vms (win2k3 stnd sp2, server1.0, on a dell 1750 with 2 nic bridged to 4 virtual nics), a front end exchange vm with an interface on the outside with a public ip x.x.94.10 with gtwy x.x.94.1, and a private ip x.x.7.30 without a gtwy, a back end exchange with a private ip x.x.7.13.

The suggestion I was given was to NAT our public ip x.x.94.10 to a private ip x.x.8.10 in our firewall. Patch outside switch to the spam filter and address it x.x.8.10. Create a dns record for the spam filter barracuda.barracudanetworks.com x.x.8.10. Change our mx record from mail.xxxx.org to barracuda.barracudanetworks.com. And flush and re-register dns.

Does this sound like a good way to go? How will this affect OWA, which we had accessed through mail.xxxx.org? Thanks.
percussed Asked:

Rick Fee (Messaging Engineer - Disaster Recovery Engineer) Commented:
Your original MX record is/was mail.xxxx.org. Create a new A record, i.e. smtp.xxxx.org (or MX or barracuda or whatever). From your firewall, NAT all SMTP traffic for smtp.xxxx.org to the Barracuda (device on the inside) and point the Barracuda to the backend Exchange. Set up an SMTP connector from Exchange to the Barracuda and set the Barracuda to allow relay out from the Exchange backend IP.

Now for mail.xxxx.org, NAT this IP to your frontend with 443 and you are good. So you don't have to do anything with OWA or ActiveSync phones etc.
0
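
The layout in the answer above (SMTP NATed to the filter, 443 NATed to the front end, relay allowed only from Exchange) can be checked against the planned firewall rules before cutover. This is an added example, not part of the thread; the addresses, host names and the `audit_plan` helper are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

def audit_plan(nat_rules, relay_allow, filter_ip, exchange_ips):
    """Return findings for a planned inline-filter cutover.

    nat_rules:   (public_name, tcp_port, inside_ip) firewall NAT entries
    relay_allow: hosts/networks the filter will relay outbound mail for
    """
    findings = []
    exchange = {ip_address(ip) for ip in exchange_ips}
    smtp_targets = {ip_address(dst) for _, port, dst in nat_rules if port == 25}

    # Inbound SMTP must land on the filter only. A leftover port-25 rule to
    # Exchange lets senders deliver around the filter.
    for dst in sorted(smtp_targets & exchange):
        findings.append(f"bypass: tcp/25 still forwarded to Exchange host {dst}")
    if ip_address(filter_ip) not in smtp_targets:
        findings.append("smtp: no tcp/25 rule delivers mail to the filter")

    # Outbound relay on the filter should be allowed for Exchange hosts only.
    for net in (ip_network(n, strict=False) for n in relay_allow):
        if not any(ip in net for ip in exchange):
            findings.append(f"relay: {net} contains no Exchange host")
        elif net.num_addresses > 1:
            findings.append(f"relay: {net} is wider than a single host")

    # OWA is unaffected only if tcp/443 still reaches an Exchange host.
    if not any(p == 443 and ip_address(d) in exchange for _, p, d in nat_rules):
        findings.append("owa: no tcp/443 rule reaches an Exchange host")
    return findings

# Constructed sample data: addresses and names are placeholders, not the
# thread's real values.
FILTER, FRONTEND, BACKEND = "10.0.8.10", "10.0.7.30", "10.0.7.13"
GOOD = [("smtp.example.org", 25, FILTER), ("mail.example.org", 443, FRONTEND)]
STALE = GOOD + [("mail.example.org", 25, FRONTEND)]  # old SMTP rule left in place

if __name__ == "__main__":
    exchange_hosts = [FRONTEND, BACKEND]
    print("good :", audit_plan(GOOD, [BACKEND], FILTER, exchange_hosts) or "ok")
    print("stale:", audit_plan(STALE, ["10.0.7.0/24"], FILTER, exchange_hosts))
```
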
MightySW Commented:
Hi,

Good idea, but you don't have to do anything special for OWA.  You can use the Barracuda:

Go to the cuda, Advanced, advanced IP config and configure port forwarding like so:

Port Forwarding

Source Port    Destination IP                           Destination Port
443            Your internal Exchange server address    443
80             Your internal Exchange server address    80

This will allow you to continue to use OWA as advertised as it will go straight through the box.

You will (should anyway) have to change the port that you access the html interface on under basic/administration.  I changed mine to 8000.  So now when I access the cuda web interface I enter: http://cuda:8000 
You can also do the same if you use HTTPS and use advanced/administration and set the port to like 4343 or something like that.  

Either way you should be good to go.

HTH
0

Rick Fee (Messaging Engineer - Disaster Recovery Engineer) Commented:
Well, that is something I didn't know about the Barracuda. I like it, but the problem is if the Barracuda freezes it takes down both email and OWA. Not that this happens a lot... they are solid devices. Just depends on the org requirements/size. I'm not sure what load this will put on the Barracuda if you have 1000 remote users etc.

Just more to think about when setting up.
0
MightySW Commented:
Good point.

Always good to have a spare on site :P
0
MightySW Commented:
These days it is so flipping easy to change an MX record.  I remember back in the day when it took like 2 weeks to change one.
0