Changing ISP - Firewall and MX questions

Hi all,

I am preparing to migrate my client to a new fibre line, and want to make sure that I don't miss a beat in my changeover.  Currently on site is a FW, VPN, Mail server at the client office.  Configurations as follows:

Watchguard FW on 64.*.*.14 / 30
Secondary: 206.*.*.190/26

I have mail records with the provider (which I just dropped the TTL from 1 day to 600 seconds) showing:         600 MX 10
autodiscover        - A -                   206.*.*.189
mail                     - A -                   206.*.*.190
mail1                   - A -                   206.*.*.189            - A -                   209.*.*.198
vpn                       - A -                   64.*.*.14  (not really a requirement to keep this)
webmail               - A -                   206.*.*.188
www                     - A -                   209.*.*.198

I currently am sending mail out to messagelabs, and the inbound route listed at messagelabs goes to 206.*.*.189

So here is where I say, I could use a little help organizing my next step.  There is a Barracuda Spam filter on site as well (I have no idea why they set this up with a Barracuda AND messagelabs...) that I want to remove, as well as make the change to the following IPs:

209.*.*.160 -> 209.*.*.167/29 (8)
Gateway: 209.*.*.161
Useable: 209.*.*.162   -    209.*.*.166

In what order would you do this?  As mentioned, I have adjusted the important TTL's.  I've got access to everything to modify my records, modify the IP on my Watchguard, change anything I have to on Exchange, and the requirement to ditch this Barracuda device and the redundancy of it.  If I missed any information I need to relay to help me plan this out, let me know!  Thanks so much in advance everyone,
Simon Butler (Sembee), Consultant, commented:
If you are using Message Labs then your MX records are wrong.
You shouldn't have servers in your own domain listed, but the servers at Message Labs.
Do you have any coexistence period? The problem you will have is Message Labs. They will not start routing email to your new IP address until they have tested it. Then it takes a couple of hours to propagate through their "towers".
If you are having a coexistence period then it would be pretty easy to set up a temporary router so that you can set up the new address, and have both running at the same time.
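
An added example, not part of the thread or any poster's own tooling: a pre-cutover audit of the points raised above. It flags MX targets inside the client's own domain (mail delivered there skips the filtering service), A records still on the old line, and TTLs not yet lowered. The domain, the provider hostname suffix, and all addresses are constructed placeholders (documentation ranges), since the thread masks the real values.

```python
import ipaddress

# Constructed sample records: (name, ttl, type, value). Not the thread's real zone.
RECORDS = [
    ("@",     600,   "MX", "10 mail.client.example."),
    ("@",     600,   "MX", "20 mx1.filter-provider.example."),
    ("mail",  600,   "A",  "198.51.100.190"),
    ("mail1", 600,   "A",  "198.51.100.189"),
    ("vpn",   86400, "A",  "192.0.2.14"),
    ("www",   600,   "A",  "203.0.113.198"),
]

def audit(records, domain, provider_suffix, old_nets, max_ttl=600):
    """Return (record name, finding) pairs to resolve before the cutover."""
    old = [ipaddress.ip_network(n) for n in old_nets]
    findings = []
    for name, ttl, rtype, value in records:
        if rtype == "MX":
            # Value is "<preference> <host>"; normalise the host name.
            host = value.split()[1].rstrip(".").lower()
            if host == domain or host.endswith("." + domain):
                # Senders can deliver straight to the site, past the filter.
                findings.append((name, "mx-bypasses-filter"))
            elif not host.endswith(provider_suffix):
                findings.append((name, "mx-unknown-target"))
        elif rtype == "A":
            addr = ipaddress.ip_address(value)
            if any(addr in net for net in old):
                findings.append((name, "a-on-old-line"))
                # A record that must change should already have a short TTL.
                if ttl > max_ttl:
                    findings.append((name, "ttl-too-high"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(
        RECORDS,
        domain="client.example",                         # placeholder domain
        provider_suffix=".filter-provider.example",      # placeholder suffix
        old_nets=["192.0.2.12/30", "198.51.100.128/26"], # stand-ins for old ranges
    ):
        print(f"{name:6} {finding}")
```
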

Seth Simmons, Sr. Systems Administrator, commented:
don't forget to update any PTR/SPF records you might have

Seth Simmons, Sr. Systems Administrator, commented:
actually never mind that... if your incoming and outgoing mail is through messagelabs then that would be irrelevant unless you were changing that also

browningit, Sysadmin (Author), commented:
I'm aware the current mail set up is improper, one of the reasons I am in to fix it. I forgot about the message labs secondary IP listing to test with, thanks for reminding me. I also need to adjust one of the records at ISP to go to message labs day of as well, thanks for that reminder too.

Anything else I may have missed or should consider?

Simon Butler (Sembee), Consultant, commented:
Personally I would switch your inbound email flow over to Message Labs now. Then when you are changing everything across you will not lose any email.

browningit, Sysadmin (Author), commented:
Care to suggest how I should do that as first step? Might as well have everyone's opinion in plain text for those who read this later and require it!

Simon Butler (Sembee), Consultant, commented:
Follow the instructions from Message Labs.
It will involve changing the MX records across. They have full details on what MX records you need to use in their portal.

browningit, Sysadmin (Author), commented:
Everything went great, just forgot to do RDNS with the ISP hosting, so I am waiting on them to apply and get back to me.  Tiny issue, really.

Points and other notes on how I configured everything in a neat list for users learning later.

browningit, Sysadmin (Author), commented:
Hi all,

Unfortunately I don't have all the time I need to write out the full details still, but I wanted to close this up and give out the points to those who brainstormed here.

Thanks again, and more to come when work settles down on my front.
Question has a verified solution.
