Preparing to install a c170 email security appliance behind a Verizon provided firewall. At present, our DNS zone file drives mail (smtp) traffic to an internet facing ip address on the Verizon provided firewall. The firewall redirects this traffic to an internal address ("A") which resides on an Exchange server . This seems to work fine for email and for our mobile users' active sync connections. My first thought was to assign the C170 appliance Address "A" and change our existing Exchange server's address to "B". The C170 would receive all the mail from the firewall and relay it (after processing ) to the Exchange server. And the Exchange server would in turn relay it back out via the C170. That sounds simple enough but I'm not sure what happens to the SSL traffic from mobile devices like smart phones and tablets. They use an SSL port (443) on Address 1. for active sync updates etc. Currently the firewall sends all that traffic to internal Address "A" (where the Exchange server lives now) Can the c170 pass/relay active sync ssl traffic onto the Exchange server? Or do I have to go through the process of changing the dns zone file records at the DNS hosting site and then go through Verizon (nightmare) to make the changes in its firewall for redirecting that to another internal address ("C") for the C170. And then there's the message archiving appliance to figure out ... but I digress. Perhaps I'm over thinking the problem but I should would appreciate some help - Thanks in advance and let me know if I need to clarify anything.