I'm trying to set up an email gateway environment for a user where they have multiple MX records / IP addresses which tie back to a corporate location where a single MEG75 appliance
exists. I've got the restrictions of having only a single appliance, and VMware virtual images are not an option. Customer has two independent networks coming into their facility. They
want ISP network 1 to have MX 1 and ISP network 2 to have MX 2, and have all the traffic filtered by the single appliance.
They understand the risks of not clustering and having multiple appliances.
What's the best way to get the routing enabled on the appliance to be able to respond to multiple gateways where the traffic can originate from (each independent MX address)?
I tried bringing up NIC2 port-forwarded to the appropriate network, but hit routing issues on the answer back because the default gateway provides the response back in all cases.
In a perfect world I understand multiple email gateway appliances tied to each public MX/IP address would be more appropriate. Currently in Explicit Proxy mode.
Definitely open to suggestions or recommendations that others might have used to solve this type of configuration scenario.
You might be overthinking your solution. The gateway does not care about MX records, it only cares about domains. If you can have the firewall NAT each of those external MX records to the IP of your gateway, you should be fine. You need to write the MEG rules to listen for mail for the domains that match your MX records.
What do you mean by "You need to write the MEG rules to listen for mail for the domains that match your MX records"? Can you give a generic example?
Sorry for the delayed response. Basically you will set up your email config under Email / Email Configuration / Sending Email. You should list your domains here (there is also a Delivering Mail box). These are the domains the MEG will listen for. In our case these map to MX records.
I have my rules set up based on the following: I set up my "internal servers" under Group Management / Network Groups. Then in the email policies you can reference these groups such that "inbound mail does not equal source network is internal", and then for outbound you do the opposite. Thanks,