Exchange 2013 2-Node DAG

I am testing an Exchange 2013 2-Node DAG. Everything is setup and working properly. My question is what IP address do I point our firewall to for mail delivery? The IP address of the DAG?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

StuartTechnical Architect - CloudCommented:
No the IP of the DAG is used for the DAG cluster only, you need to point this either a layer 4 or 7 load balancer (recommended) OR a DNS Round Robin record (not recommended) that points to both Exchange servers (presuming both have Client Access installed)
AmitIT ArchitectCommented:

I assume ctsuhako is asking IP required for sending and reciving emails.


If that's what you are looking. You need to add your server IP's. Example:
For Inbound.
Internet>If any spam Server>On Spam server add your Server IP>Email to Server

For Outbound
Server>Spam Server>Internet.

Let me know, that clears your doubt.
StuartTechnical Architect - CloudCommented:
I presumed ctsuhako was asking where to route SMTP to from his internal firewall for inbound emails from the Internet. Apologies if I misunderstood
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

AmitIT ArchitectCommented:

NP, until @ctsuhako more details, we both are on same boat.
Budhi WitonoCommented:
Best option with load balancer but you can point to your dag ip than only to 1 node, ;)
ctsuhakoAuthor Commented:
Sorry for the lack of detail, but here is what I am trying to do:

We are planning to move from Exchange 2010 running on a single server to Exchange 2013 with a 2-node DAG. We only have around 35-40 mailboxes. Currently, all email is routed thru our Sonicwall firewall to the internal IP address of the Exchange 2010 server at The servers in the Exchange 2013 DAG each have internal IPs of and I was wondering how to route the emails so that if one of the Exchange 2013 servers is down the email is automatically sent to the other Exchange 2013 server. From what I gather a load balancer would be the way to go, but from reading the following article, I am not sure if that is the case:
Exchange Server 2013 Client Access Server High Availability
Any input would be helpful and thank you all very much.
Budhi WitonoCommented:
hi ctsuhako, you can add A record   to your public IP 1 (Exchange 2010), public IP 2 (Exchnange 2013)and Public IP2 (Exchange 2013).
create/edit mx record : 10

Create sonicwall port forwarding smtp /imap /pop /pop3/imaps policy :
Source WAN (Public 1 ) to
Source WAN (Public 2 ) to
Source WAN (Public 3 ) to
StuartTechnical Architect - CloudCommented:
The article you linked  highlights how CAS arrays are now redundant in 2013 because of the stateless client access methods used. This does not give you resilience load balancing Internet mail into the organisation.

I recommend you install a pair of L7 software or hardware load balancers, and point the NAT on your sonic wall for both public IP's to the load balancers VIP. The load balancers can then balance SMTP (and external client access eg OWA) traffic to both your Exchange 2013 servers, the issue with the above suggestion is it would not detect if a critical exchange service was down on one of the servers and it would still route traffic that way..

I presume you can route internally between the 2013 servers and the 2010 server, if so all traffic as I suggested above can terminate at the new resilient pair of servers

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ctsuhakoAuthor Commented:
Thank you very much! Answered my questions completely.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.