02-19-2018 01:50 PM - edited 03-10-2019 12:58 AM
Hi folks. I was tasked with setting this device up, but I'm not really well versed in e-mail security. I did set up the C190s by way of import from our old device, but we are on our way to take that device down and have the new cluster do the job. What am I supposed to on the server/host end to make sure the mail is going through the ESA? I was given some surface knowledge on what to do, but it wasn't clear to me. I am supposed to alter an MX record and what else?
02-21-2018 05:36 AM
Cluster In ESA means sharing and updating security Config's between ESA.
In ESA except basic config like Interface config and all other config are moved form one ESA to Another ESA after successful cluster setup. No need to alter the Mx record as ESA's still work as individual entity.
Follow the Cisco ESA Cluster Guide to config cluster.
Hope this answers your question.
02-22-2018 09:55 AM
02-22-2018 10:04 AM
Hello,
You'll want to make sure that the Interface Name on each ESA is exactly the same (including capitalization).
IE:
ESA1 = Management
ESA2 = management
The above scenario will cause the listener on ESA2 to not start successfully because of the lowercase 'm', and you would need to set the name to Management and Submit/Commit the changes.
Also, an easy answer to your latter question could be to just create two A records for ironport1.mymail.com pointing to the separate ESA/s, but the downside is that DNS round-robin load balancing is not going to be nearly as efficient as using an actual LB product.
Thanks!
-Dennis M.
02-22-2018 11:20 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide