Solved

Moving exchange interfaces for Barracuda spam filter

Posted on 2009-07-09
5
642 Views
Last Modified: 2012-05-07
I need to move our exchange interface to put a Barracuda spam filter inline. Our current setup is: 2 vms (win2k3 stnd sp2, server1.0, on a dell 1750 with 2 nic bridged to 4 vitual nics),  a front end exchange vm with an interface on the outside with a public ip x.x.94.10 with gtwy x.x.94.1, and a private ip x.x.7.30 without a gtwy, a back end exchange with a private ip x.x.7.13.

The suggestion I was given was to NAT our public ip x.x.94.10 to a private ip x.x.8.10 in our firewall. Patch outside switch to the spam filter and address it x.x.8.10. Create a dns record for the spam filter barracuda.barracudanetworks.com x.x.8.10. Change our mx record from mail.xxxx.org to barracuda.barracudanetworks.com. And flush and re-register dns.

Does this sound like a good way to go? How will this affect OWA, which we had accessed through mail.xxxx.org? Thanks.
0
Comment
Question by:percussed
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 20

Assisted Solution

by:EndureKona
EndureKona earned 200 total points
ID: 24817922
 Your original mx record is/was mail.xxxx.org   Create a new A record i.e. smtp.xxxx.org (or MX or barracuda or whatever)   from your firewall NAT all SMTP traffic for smtp.xxxx.org to the Barracuda (device on the inside) and point the barracuda to the backend exchange.    Setup a SMTP connector from Exchange to the Barracuda and set the barracuda to allow relay out from the Exchange backend IP.  
   
Now for mail.xxxx.org NAT is IP this to your frontend with 443 and your are good.    So your don't have to do anything with OWA or Active Sync phones etc...  
0
 
LVL 20

Accepted Solution

by:
MightySW earned 300 total points
ID: 24818457
Hi,

Good idea, but you don't have to do anything special for OWA.  You can use the Barracuda:

Goto the cuda, Advanced, advanced IP config and configure port forwarding like so:

Port Forwarding      
 
Source Port    Destination IP                                                            Destination Port
443                 Your internal Exchange server address                 443
80                  Your internal Exchange server address                  80

This will allow you to continue to use OWA as advertised as it will go straight through the box.

You will (should anyway) have to change the port that you access the html interface on under basic/administration.  I changed mine to 8000.  So now when I access the cuda web interface I enter: http://cuda:8000 
You can also do the same if you use HTTPS and use advanced/administration and set the port to like 4343 or something like that.  

Either way you should be good to go.

HTH
0
 
LVL 20

Expert Comment

by:EndureKona
ID: 24818621
Well that is something I didn't know about the Barracuda.      I like it but the problem if the Barracuda freezes it takes down both email and OWA.   Not that this happens alot...they are solid device.    Just depends on the org requirements/size.    I'm not sure what load this will put on the Barracuda if you have 1000 remote users etc.

Just more to think about when setting up
0
 
LVL 20

Expert Comment

by:MightySW
ID: 24818646
Good point.

Always good to have a spare on site :P
0
 
LVL 20

Expert Comment

by:MightySW
ID: 24818654
These days it is so flipping easy to change an MX record.  I remember back in the day when it took like 2 weeks to change one.
0

Featured Post

Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question