About mdafforn

mdafforn · 07-28-2016

Hello, I have a pair of C170's that have SHA-1 certificates on them, and I need to get them swapped for SHA-2. I can re-issue the certificates from GoDaddy, but what is the process for installing them in the C170? I'm not creating a new CSR, or ch...

mdafforn · 02-20-2015

Hello, I have a couple of servers setting in a DMZ, and communications sourced from the internal network are working correctly. When we try to back them up, though, the backup agent on the machine has to initiate the communication, and it fails.Inbou...

mdafforn · 10-15-2012

I have an exchange server behind 2 clustered C170s.Inbound mail flow from the Internet is flowing correctly, now I want to move my outbound relay from the old barracuda to the C170s.On the cluster config, I setup a mail flow policy (called relayed), ...

mdafforn · 05-30-2012

Hello,I have a pair of C170's in a cluster, and need to implement TLS for outbound connections to a set of domains.Currently the appliances have hostnames of ironport1.company.com and ironport2.company.com, externally they are referenced as mail.comp...

mdafforn · 11-30-2011

I have a stack of SGE2010P switches with 3 vlans (1, 10 and 255) on it. Connected to it via a trunk port, I have a SF300-24P.On the trunk ports, I have vlan 1 untagged, vlans 10 and 255 tagged (on both sides, obviously).On the SGE2010 stack, I can se...

mdafforn · 02-27-2015

That worked!Thank you very much.

mdafforn · 02-24-2015

Thanks for the suggestion, I have put the new nat rules: nat (inside,dmz) source static obj-10.2.2.91 obj-10.2.2.91 desti static obj-192.168.99.36 obj-192.168.99.36andnat (inside,dmz) source static obj-10.2.2.91 obj-10.2.2.91 desti static obj-192.168...

mdafforn · 02-23-2015

I do not have asdm installed at this point, I may try to do that later. current NAT entries:nat (inside,any) source static obj-10.2.2.0 obj-10.2.2.0 destination static obj-172.16.0.0 obj-172.16.0.0 no-proxy-arp route-lookupnat (inside,any) source sta...

mdafforn · 10-15-2012

Thanks for getting me most of the way there!I forgot I had set a rule on this customers firewall to only allow outbound SMTP from certain IP addresses, the ironports weren't in there yet.

mdafforn · 10-15-2012

I only have 1 IP interface, I NAT it through the firewall, so I cannot add a second listner on port 25.

Member Since	‎07-10-2003 05:47 AM
Date Last Visited	‎05-02-2018 12:45 AM
Posts	16

User Statistics

User Activity

Upgrade SSL cert on C170

ASA NAT/ACL rule

IronPort C170 as outbound relay

TLS setup questions

vlan problems on an SF 300-24P

That worked!Thank you very

Thanks for the suggestion, I

I do not have asdm installed

IronPort C170 as outbound relay

IronPort C170 as outbound relay