07-02-2020 04:28 AM
In our existing virtual SMA appliance is in Internal zone and ESA appliances are in DMZ. We are now deploying a new SMA appliance as a replacing for our existing virtual SMA device.
We are enabling secured centralised SPAM Quarantine access to employees through Intrenet & Internet. Since the appliance has web service enabled we prefer to go with DMZ but still we couldn't find any recommendation in Cisco portal.
a) Does CISCO recommends placement for SMA in any documents.
b) If you have come across such situation please suggest
07-02-2020 05:26 AM
Most of the cases this is Manangment Box, Managed By Internal Admin, So they can manange using internal LAN or remote workers get in to corportate and use jump box to conect to SMA to manage.
Always my suggestion is to place them internally behind the FW so it is secured and trusted.
07-02-2020 07:00 AM
Hi,
Thanks for your reply. CISCO offers Quarantine email release service in both http and secure http ports. In that case this appliance will also be accessed by users from internet. In that case I have to expose my internal segment to internet users.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide