Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2026
Views
0
Helpful
2
Replies

ESA redundancy deployment questions

Andrey Kornienko
Level 1
Level 1

‎03-04-2013 11:43 AM

Hello! My customer bought a pair of C370 ESA prior to deployment  planning. I need to deploy both of them into existing network and I'd  like to ask few questions with somebody who knows how to do it.

1. As I know from manuals, ESA doesn't support any  clustering but I have centralized management keys which can only sync configs between devices, am I right? Can I completely configure one device and sync it to other later or my complete config form first device will be erased while setting up centralized management clustering with second device?

2. I can use multiple mx records with different priorities in dns for incoming mail redundancy, and it's ok for me because I'd like to use my ESAs as active-passive, no load balancing. But I can't find out how can I make something similar for outgoing mail. I'm using Postfix MTA and it has configuration option that allows to send all the mail through external MTA, which is ESA in my case, but it can be only one. I thought about multiple ip addresses in dns records for single hostname and use that hostname in postfix config instead of ip address, but it seems to be something like round-robin and dns can't know which of two ESA is live or dead at this moment. So, I'd like to hear your suggestions for this situation.

I'm newbie with IronPorts so I will appreciate any help including links to manuals

Labels:
0 Helpful
2 Replies 2

Ken Stieers
VIP
VIP

‎03-04-2013 12:51 PM

1 config the first device, Create the cluster, config the network settiings for the second box, then join it to the cluster. The configs from the cluster will reset the configs on the second box. How to do this is covered in the docs
http://www.cisco.com/en/US/products/ps10154/products_user_guide_list.html

I can't help with Postfix...

Sent from Cisco Technical Support iPad App

0 Helpful

Valter Da Costa
Cisco Employee
Cisco Employee

‎03-04-2013 04:34 PM

I am not Postfix expert but I did find the following:

---

Michael Maymann:
[ Charset ISO-8859-1 unsupported, converting... ]

According to these:

http://www.postfix.org/postconf.5.html#smtp_mx_address_limit http://www.postfix.org/postconf.5.html#smtp_mx_session_limit

The Postfix SMTP client will try at least five IP addresses or two
SMTP sessions, When it reaches either limit, Postfix will
try another delivery later for several days.

The retry schedule behaves as documented at:

http://www.postfix.org/TUNING_README.html#hammer

Wietse


----

Direct URL:
http://www.mentby.com/Group/postfix-users/loadbalancingfailover-solution.html

Another URL with complementary info:
http://www.postfix.org/postconf.5.html#fallback_relay

Please be informed I cannot support Postfix other than in the best effort approach.

Please be careful applying any configuration recommended in the references for Postfix as I am not a expert and never personally tried failover approach with Postfix.

I hope this helps.

Regards,
Valter


Sent from Cisco Technical Support iPad App

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents