Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1831
Views
5
Helpful
9
Replies

Email Security C380 Deployment Questions

Go to solution
milin160791
Level 1
Level 1

‎01-07-2015 11:52 PM

Hi Team,

 

I am going to deploy Two Email Security C380 new boxes at one of our customer place. 

It is DMODE Enabled Appliance with Bounce Verification & CCS-MESSAGING Licenses. ( For Outbound Only)

I have some doubts please help me to make it clear.

 

  •  Is it UCS Box  or particular Cisco ESA Hardware? 
  •  How to Configure ESA for Mass Mail Delivery ?  (Configuration Example will be helpful)
  •  How to Deploy ESA with Multiple Interfaces for Outbound?   (Config. Example Required)
  •  How to Deploy both ESAs in HA ?  (( Clustering Example))

 

 

 

Thanks.

2 people had this problem
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Jernej Vodopivec
Level 4
Level 4

‎01-08-2015 12:51 AM

1. This is specially configured Cisco UCS C240 M3 server under the hood.

2. Customize the Mail Flow Policy: "Mail Policies" -> "Mail Flow Policy" and customize parameters like Max. Messages Per Connection; Max. Recipients Per Message; Max. Recipients Per Hour: etc. These values depends on

You can find detailed information how to create Mail Flow Policy and link it to HAT here:

http://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa8-6/ESA_8-6_User_Guide.pdf

You have D-MODE license so you can use Mail Merge feature for sending mass mails also: take a look at chapter 40-4 how to do it.

3. What would you like to achieve with multiple outbound interfaces?

4. You can have HA by creating cluster (you don't need separate license). Create cluster by "clusterconfig" CLI command. I'd recommend to create cluster using SSH over CCS.

By configuring cluster you'll get configuration synced between both appliances. Logs, reportings and spam quarantine will still be at appliance level.

If you'd like to have centralized reporting, message tracking etc. you'll need Security Management appliance also.

You can find more information in Chapter 38.

 

View solution in original post

0 Helpful

Go to solution
Jernej Vodopivec
Level 4
Level 4
In response to milin160791

‎01-08-2015 05:31 AM

Hi!

> So, the initial configuration will remain the same as we are doing on C370
(Connect direct Management Interface and give our PC to 192.168.42.x/24 IP and so on..)   or    this one is UCS 240 M3 so that we need to do some extra stuffs. ?

No, you don't need to do any extra stuff. Forget that this is UCS server underneath :)

 

> I have already seen chapter 40-4 for Mass Mail Delivery but still confused with configuration part please help me with this.

Please tell me more about the requirements and what are you trying to achieve and I'll try to help you.

 

> Customer want me to deploy the box Using Multiple interface ( Like Data1- for Incoming mails from internet and Data2- for Outgoing Mails from lan. He wants to deploy ESAs for Outbound Mail Traffic only so is it good to Use Multiple Interfaces with this requirement ?

Yes, no problem at all.

Menu "Network" > "IP Interfaces" &  "Network" > "Listeners"

Create interface (public listener and connect it to WAN) and create second interface (private listener) and connect it to LAN.

See example on page 5-4: http://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa8-6/ESA_8-6_User_Guide.pdf

 

 

> In Cluster Environment, will it work like (Active/Standby or Active/Active) ?  

Both appliances work at the same time - it's Active/Active cluster. Both appliances work as if they were in standalone more, only the configuration is synchronized.

 

> Also, only the Policies part will going to push from one appliance to other  or  Network Configuration will also pushed from one to the other ?
 ( Meaning Can we use different subnet on both devices while putting it in HA)

Network configuration is not synchronized. Policies, filter etc. are synchronized only.

View solution in original post

0 Helpful
9 Replies 9

Go to solution
Jernej Vodopivec
Level 4
Level 4

‎01-08-2015 12:51 AM

1. This is specially configured Cisco UCS C240 M3 server under the hood.

2. Customize the Mail Flow Policy: "Mail Policies" -> "Mail Flow Policy" and customize parameters like Max. Messages Per Connection; Max. Recipients Per Message; Max. Recipients Per Hour: etc. These values depends on

You can find detailed information how to create Mail Flow Policy and link it to HAT here:

http://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa8-6/ESA_8-6_User_Guide.pdf

You have D-MODE license so you can use Mail Merge feature for sending mass mails also: take a look at chapter 40-4 how to do it.

3. What would you like to achieve with multiple outbound interfaces?

4. You can have HA by creating cluster (you don't need separate license). Create cluster by "clusterconfig" CLI command. I'd recommend to create cluster using SSH over CCS.

By configuring cluster you'll get configuration synced between both appliances. Logs, reportings and spam quarantine will still be at appliance level.

If you'd like to have centralized reporting, message tracking etc. you'll need Security Management appliance also.

You can find more information in Chapter 38.

 

0 Helpful

Go to solution
milin160791
Level 1
Level 1
In response to Jernej Vodopivec

‎01-08-2015 01:30 AM

Dear Jernej,

--> So, the initial configuration will remain the same as we are doing on C370
(Connect direct Management Interface and give our PC to 192.168.42.x/24 IP and so on..)   or    this one is UCS 240 M3 so that we need to do some extra stuffs. ?

-> I have already seen chapter 40-4 for Mass Mail Delivery but still confused with configuration part please help me with this.

-> Customer want me to deploy the box Using Multiple interface ( Like Data1- for Incoming mails from internet and Data2- for Outgoing Mails from lan. He wants to deploy ESAs for Outbound Mail Traffic only so is it good to Use Multiple Interfaces with this requirement ?

- In Cluster Environment, will it work like (Active/Standby or Active/Active) ?  

Also, only the Policies part will going to push from one appliance to other  or  Network Configuration will also pushed from one to the other ?
 ( Meaning Can we use different subnet on both devices while putting it in HA)

 

Thanks

0 Helpful

Go to solution
Jernej Vodopivec
Level 4
Level 4
In response to milin160791

‎01-08-2015 05:31 AM

Hi!

> So, the initial configuration will remain the same as we are doing on C370
(Connect direct Management Interface and give our PC to 192.168.42.x/24 IP and so on..)   or    this one is UCS 240 M3 so that we need to do some extra stuffs. ?

No, you don't need to do any extra stuff. Forget that this is UCS server underneath :)

 

> I have already seen chapter 40-4 for Mass Mail Delivery but still confused with configuration part please help me with this.

Please tell me more about the requirements and what are you trying to achieve and I'll try to help you.

 

> Customer want me to deploy the box Using Multiple interface ( Like Data1- for Incoming mails from internet and Data2- for Outgoing Mails from lan. He wants to deploy ESAs for Outbound Mail Traffic only so is it good to Use Multiple Interfaces with this requirement ?

Yes, no problem at all.

Menu "Network" > "IP Interfaces" &  "Network" > "Listeners"

Create interface (public listener and connect it to WAN) and create second interface (private listener) and connect it to LAN.

See example on page 5-4: http://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa8-6/ESA_8-6_User_Guide.pdf

 

 

> In Cluster Environment, will it work like (Active/Standby or Active/Active) ?  

Both appliances work at the same time - it's Active/Active cluster. Both appliances work as if they were in standalone more, only the configuration is synchronized.

 

> Also, only the Policies part will going to push from one appliance to other  or  Network Configuration will also pushed from one to the other ?
 ( Meaning Can we use different subnet on both devices while putting it in HA)

Network configuration is not synchronized. Policies, filter etc. are synchronized only.

0 Helpful

Go to solution
milin160791
Level 1
Level 1
In response to Jernej Vodopivec

‎01-08-2015 09:24 PM

Hi Jernej,

 

Thanks for your reply.

 

- I don't have a particular requirement for Mass Mail Delivery right now, but still I want to know that in which different ways we can configure this feature?

- How we can configure Bulk Mailing please explain in little brief.

-  If you can share an Implementation Document any of the ESA Device that will be great help.

 

Thanks.

0 Helpful

Go to solution
Jernej Vodopivec
Level 4
Level 4
In response to milin160791

‎01-10-2015 09:51 PM

Hi,

the point with IPMM is that you:

- don't generate thousands or millions of email messages with some email marketing software running on your PC but instead you define message template on the ESA itself and then generate and send emails based on the template message to email recipients with all workload done by ESA; so ESA will replace placeholders in email templates with real values and then send email to recipient; something like mailmerge function in Word

- that also helps minimize resources consumption because ESA doesn't have to process thousands SMTP connections

You can contact your favorite Cisco partner and ask them to provide you example libraries which Cisco created for this purpose. Cisco created these libraries in different common programming languages so just pick up one best suitable for you.

But on the other hand - you don't need to use IPMM for mass delivery at all if you don't need to - you can still generate emails in your favorite bulk email software which sends emails to ESA. ESA then delivers these emails to recipients - as standard MTA.

Go to solution
milin160791
Level 1
Level 1
In response to Jernej Vodopivec

‎01-11-2015 09:34 PM

Dear Jernej,

 

Thanks for your reply.

As I would like to ask you some questions one to one , can I have your skypeid or some personal id? (if you don't mind :) )

 

 

 

Thanks.

 

0 Helpful

Go to solution
Jernej Vodopivec
Level 4
Level 4
In response to milin160791

‎01-11-2015 11:48 PM

Hi, send me your skype ID and I'll add your contact.

If possbile please send questions to support forums so others could have benefit of the discussion.

0 Helpful

Go to solution
milin160791
Level 1
Level 1
In response to Jernej Vodopivec

‎01-12-2015 01:57 AM

Hi,

 

My Skypeid is milin1607

I will post here..whatever we will discuss.

 

 

Thanks.

 

 

 

0 Helpful

Go to solution
milin160791
Level 1
Level 1
In response to milin160791

‎01-31-2015 06:14 AM

Hi Jernerj,

 

Thanks a ton for your all support.

0 Helpful
Customers Also Viewed These Support Documents