Edge transport role placement question
Hi,

I have a question regarding the Edge Transport role and its placement on the network.

Currently, the way our organisation receives email is that when an email comes into the business, the first point of contact is our SonicWall firewall. This then forwards the email to a Sophos email security device, which then forwards the clean email on to Exchange 2003, where IMF does some additional spam filtering.

I have Exchange 2007 installed and a few test users are using it without any issues. Now we would like to implement the Edge server as an additional protection. My question is, does it really need to sit on the edge of our network? Can it just be in a DMZ instead? Or does it really have to be in a DMZ at all?

Consider the following topology design:

For example, I wish to keep our firewall as the first point of contact for an incoming email. So the firewall has the public IP address and is on the edge of the network. Then the firewall would forward email to the Sophos email security device, which would then forward on to the Edge Transport server. The Edge Transport server could then forward the email to Exchange.

So would this type of setup work?
August 14th, 2007 8:06am
Hi,
If you are satisfied with your Sophos device there is really no need for the edge server.
If you want it anyway you can place it on your LAN with no issues.
Leif
August 14th, 2007 8:56am
Well, see, we are not that satisfied with the Sophos device. IMF still picks up heaps of spam, and that is after mail has been scanned through the Sophos device.

So if I wanted to keep the Sophos device, would it be best to do it like this:

Option 1:

Internet
   |
Firewall
   |
---DMZ-------- Sophos
---DMZ-------- Edge Transport
   |
Internal
   |
Exchange

Or like

Option 2:

Internet
   |
Firewall
   |
---------DMZ----- Edge Transport
   |
Internal
   |
Sophos
   |
Exchange

Would option 2 work? Like, can the Edge Transport server forward email to something other than a hub server?
August 14th, 2007 9:27am
Hi,
The edge server can forward to any SMTP server, but if you want to use a lot of features (like recipient filtering, users white-black lists etc) you need to have it send directly to the HUB server.
Leif
August 14th, 2007 9:40am
So then, if I wanted to take advantage of all the features, option 1 would be the best way to go?
August 17th, 2007 8:03am
Best functionality will be if Edge sends mail to the HUB server, so option 1 is better.
August 17th, 2007 10:24am