Solved

Moving exchange interfaces for Barracuda spam filter

Posted on 2009-07-09
5
637 Views
Last Modified: 2012-05-07
I need to move our exchange interface to put a Barracuda spam filter inline. Our current setup is: 2 vms (win2k3 stnd sp2, server1.0, on a dell 1750 with 2 nic bridged to 4 vitual nics),  a front end exchange vm with an interface on the outside with a public ip x.x.94.10 with gtwy x.x.94.1, and a private ip x.x.7.30 without a gtwy, a back end exchange with a private ip x.x.7.13.

The suggestion I was given was to NAT our public ip x.x.94.10 to a private ip x.x.8.10 in our firewall. Patch outside switch to the spam filter and address it x.x.8.10. Create a dns record for the spam filter barracuda.barracudanetworks.com x.x.8.10. Change our mx record from mail.xxxx.org to barracuda.barracudanetworks.com. And flush and re-register dns.

Does this sound like a good way to go? How will this affect OWA, which we had accessed through mail.xxxx.org? Thanks.
0
Comment
Question by:percussed
  • 3
  • 2
5 Comments
 
LVL 20

Assisted Solution

by:EndureKona
EndureKona earned 200 total points
ID: 24817922
 Your original mx record is/was mail.xxxx.org   Create a new A record i.e. smtp.xxxx.org (or MX or barracuda or whatever)   from your firewall NAT all SMTP traffic for smtp.xxxx.org to the Barracuda (device on the inside) and point the barracuda to the backend exchange.    Setup a SMTP connector from Exchange to the Barracuda and set the barracuda to allow relay out from the Exchange backend IP.  
   
Now for mail.xxxx.org NAT is IP this to your frontend with 443 and your are good.    So your don't have to do anything with OWA or Active Sync phones etc...  
0
 
LVL 20

Accepted Solution

by:
MightySW earned 300 total points
ID: 24818457
Hi,

Good idea, but you don't have to do anything special for OWA.  You can use the Barracuda:

Goto the cuda, Advanced, advanced IP config and configure port forwarding like so:

Port Forwarding      
 
Source Port    Destination IP                                                            Destination Port
443                 Your internal Exchange server address                 443
80                  Your internal Exchange server address                  80

This will allow you to continue to use OWA as advertised as it will go straight through the box.

You will (should anyway) have to change the port that you access the html interface on under basic/administration.  I changed mine to 8000.  So now when I access the cuda web interface I enter: http://cuda:8000
You can also do the same if you use HTTPS and use advanced/administration and set the port to like 4343 or something like that.  

Either way you should be good to go.

HTH
0
 
LVL 20

Expert Comment

by:EndureKona
ID: 24818621
Well that is something I didn't know about the Barracuda.      I like it but the problem if the Barracuda freezes it takes down both email and OWA.   Not that this happens alot...they are solid device.    Just depends on the org requirements/size.    I'm not sure what load this will put on the Barracuda if you have 1000 remote users etc.

Just more to think about when setting up
0
 
LVL 20

Expert Comment

by:MightySW
ID: 24818646
Good point.

Always good to have a spare on site :P
0
 
LVL 20

Expert Comment

by:MightySW
ID: 24818654
These days it is so flipping easy to change an MX record.  I remember back in the day when it took like 2 weeks to change one.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now