I will be soon setting up my first Sophos UTM 120 with full guard, and I have a few questions regarding the setup of Web Server/Email Protection.
First when it comes to public DNS, am I to setup the Host/MX record to be that of the ASG? I ask this because my employer has a SBS 2011 server where they’re using Exchange 2010. My previous experience has been with Cisco products. Am I to assume that if I correctly setup Email/Web Server Protection I won’t need NAT /ACL rules created for the external access to OWA or incoming mail?
As an example right now the company has a Cisco ASA, where they have a host record setup for the server using “mail.company.com” and an mx record also setup for “mail.company.com”. They currently have a block of five public IP addresses one of which is allocated to the Cisco ASA and the other to the SBS server. Now when I switch over to the UTM, am I correct in the understanding that I will only be using one public IP address of which the MX/Host record will point to the ASG?
Also since IIS is setup to redirect HTTP requests to HTTPS should I be setting up the virtual server/real server to accept HTTP requests, or is there any way to keep that redirect functionality?
Last but not least, when setting up the domains for email delivery the Admin guide states to use the internal domain. And in this case the internal domain is 100% different from the public FQDN. For example the external FQDN is “mail.company.com” while the internal FQDN is “****.company.local”. All of the examples in Sophos documentation having them using “company.com” now that may be because they assume the internal DNS is using “company.com” instead of “company.local”, but for clarification sake am I correct that I should be using “company.local”? Also since HTTPS is used for both OWA and Activesync , is there anything I need to take into account so I don’t break the functionality of users smartphones being able to connect to the exchange server?
I understand that this is all something I will have to tinker with come installation time, but in order to avoid some headaches and to have a good launching point I figured I would seek the advice of more seasoned experts. Thank you for your time and your input, and I hope your weekend is going well. Also I apologize if this post is redundant in any fashion.
This thread was automatically locked due to age.
Guest User!
You are not Sophos Staff.
