Solved

Moving exchange interfaces for Barracuda spam filter

Posted on 2009-07-09
5
639 Views
Last Modified: 2012-05-07
I need to move our exchange interface to put a Barracuda spam filter inline. Our current setup is: 2 vms (win2k3 stnd sp2, server1.0, on a dell 1750 with 2 nic bridged to 4 vitual nics),  a front end exchange vm with an interface on the outside with a public ip x.x.94.10 with gtwy x.x.94.1, and a private ip x.x.7.30 without a gtwy, a back end exchange with a private ip x.x.7.13.

The suggestion I was given was to NAT our public ip x.x.94.10 to a private ip x.x.8.10 in our firewall. Patch outside switch to the spam filter and address it x.x.8.10. Create a dns record for the spam filter barracuda.barracudanetworks.com x.x.8.10. Change our mx record from mail.xxxx.org to barracuda.barracudanetworks.com. And flush and re-register dns.

Does this sound like a good way to go? How will this affect OWA, which we had accessed through mail.xxxx.org? Thanks.
0
Comment
Question by:percussed
  • 3
  • 2
5 Comments
 
LVL 20

Assisted Solution

by:EndureKona
EndureKona earned 200 total points
ID: 24817922
 Your original mx record is/was mail.xxxx.org   Create a new A record i.e. smtp.xxxx.org (or MX or barracuda or whatever)   from your firewall NAT all SMTP traffic for smtp.xxxx.org to the Barracuda (device on the inside) and point the barracuda to the backend exchange.    Setup a SMTP connector from Exchange to the Barracuda and set the barracuda to allow relay out from the Exchange backend IP.  
   
Now for mail.xxxx.org NAT is IP this to your frontend with 443 and your are good.    So your don't have to do anything with OWA or Active Sync phones etc...  
0
 
LVL 20

Accepted Solution

by:
MightySW earned 300 total points
ID: 24818457
Hi,

Good idea, but you don't have to do anything special for OWA.  You can use the Barracuda:

Goto the cuda, Advanced, advanced IP config and configure port forwarding like so:

Port Forwarding      
 
Source Port    Destination IP                                                            Destination Port
443                 Your internal Exchange server address                 443
80                  Your internal Exchange server address                  80

This will allow you to continue to use OWA as advertised as it will go straight through the box.

You will (should anyway) have to change the port that you access the html interface on under basic/administration.  I changed mine to 8000.  So now when I access the cuda web interface I enter: http://cuda:8000 
You can also do the same if you use HTTPS and use advanced/administration and set the port to like 4343 or something like that.  

Either way you should be good to go.

HTH
0
 
LVL 20

Expert Comment

by:EndureKona
ID: 24818621
Well that is something I didn't know about the Barracuda.      I like it but the problem if the Barracuda freezes it takes down both email and OWA.   Not that this happens alot...they are solid device.    Just depends on the org requirements/size.    I'm not sure what load this will put on the Barracuda if you have 1000 remote users etc.

Just more to think about when setting up
0
 
LVL 20

Expert Comment

by:MightySW
ID: 24818646
Good point.

Always good to have a spare on site :P
0
 
LVL 20

Expert Comment

by:MightySW
ID: 24818654
These days it is so flipping easy to change an MX record.  I remember back in the day when it took like 2 weeks to change one.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Find out what you should include to make the best professional email signature for your organization.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question