Cisco Ironport initial setup

Posted on 2011-10-09
Last Modified: 2012-05-12
Hello Experts,

A client of mine insist on using Cisco Ironport to protect their mail server. I am going to need to see them soon on the setup requirement. However, I don't have any experience with Cisco Ironport.

What are the common questions that I need to ask in order to do this?

Their email server might be load balanced and pointed to some domain. Is it possible to use URL instead of IP?

Question by:chainfear
    LVL 18

    Expert Comment

    I don't have much experience with the C series, but here's a link to the configuration guide for Async OS.  I believe you can resolve the real e-mail server based on name but I'm not positive about that.
    LVL 33

    Accepted Solution

    There is a convenient checklist in the manual for such things - I will attach the manual to this post (its the 7.3 one, let me know if you need a different release version)

    actual setup is fairly straightforward  - have a read though the installation section of the manual, and post any questions you have.

    most load balanced setups use a virtual IP or something similar; you can either just point at that or set multiple delivery routes for inbound.

    one gotcha you won't be expecting - while you can set source IPs to either be for inbound mail or be permitted relay for outbound mail, that's an exclusive or - they can't be both. so if you try setting another host to send mail to both internal and external recipients AND set it to go to the ironport, it will be permitted to do one or the other, not both (in practice, if you set it to be outbound, it will mostly work - mail will go out to the default outbound smarthost, turn around, and come back in, then be permitted as inbound-only sourced; you may bump your nose on the fact that internal mail will have both outbound THEN inbound rulesets applied to it) ESA-7.3-Configuration-Guide.pdf

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
    This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now