Jump to content


Xanathar's Content

There have been 2 items by Xanathar (Search limited from 25-April 09)


By content type

See this member's

Sort by                Order  

#47057 HELP Setting up Barracuda 400 with PIX firewall

Posted by Xanathar on 18 February 2010 - 04:39 PM in Barracuda Email Security Gateway

Can ANYBODY Help me with this? We made the firewall changes and still no mail flows thru the barracuda.Thanks



#47030 HELP Setting up Barracuda 400 with PIX firewall

Posted by Xanathar on 17 February 2010 - 08:44 AM in Barracuda Email Security Gateway

We are adding a Barracuda spam filter to our email system. We are also running Exchange 2003 and have all of our users accessing webmail through MAIL.AAA.com in addition to devices which require imap support pointing to the same mail.AAA.com´┐Ż which also happens to be where our mx record points to.Because of webmail support and the imap devices we need to maintain the MAIL.AAA.COM to allow our users to continue to access the webmail, etc. without changing the address they are currently using.Now BARRACUDA says we need to do a port forward on our INBOUND MAIL to the BARRACUDA, but that forward in our firewall points to the external address for MAIL.AAA.COM as well as Directly to our mail server.Here is a sample of the config of our cisco PIXaccess-list acl_outside permit icmp any any echo-replyaccess-list acl_outside permit icmp any any time-exceededaccess-list acl_outside permit icmp any any unreachableaccess-list acl_outside permit tcp any host XXX.XXX.XXX.139 eq smtp access-list acl_outside permit tcp any host XXX.XXX.XXX.139 eq pop3 <---------------------------- access-list acl_outside permit tcp any host XXX.XXX.XXX.139 eq wwwaccess-list acl_outside permit tcp any host XXX.XXX.XXX.139 eq httpsaccess-list acl_outside permit tcp any host XXX.XXX.XXX.139 eq imap4access-list acl_outside permit tcp any host XXX.XXX.XXX.139 eq 993static (inside,outside) XXX.XXX.XXX.139 XXX.XXX.XXX.4 netmask 255.255.255.255 0 0Here is my thought process...am i overthinking it,? is there a better way? I am assuming the entry above with the arrow is my current port forward.1. Add a new dns record (perhaps MAIL2.AAAA.com) which points to a different external ip address2. Add new NAT translations to our network so the new external ip address points to our Barracuda3. Change our mx record to point the new external address (MAIL2.AAAA.com) instead of the existing MAIL.AAAAA.com4. Keep MAIL.AAAA.com and existing NAT translations the same so webamail and IMAP still workIs my thought process correct? Will people still be able to get to thier webmail? Will our normal external email still flow past the BARRACUDA first if we make this change? Is there something simple I am missing? Any thoughts would be greatful.Thank you for