Forum Discussion
Hybrid mail flow with IronPort
Hi,
One of my customers has the following setup, and I need some recommendations to set up a hybrid mail flow -
Incoming emails -
Internet -> Cisco ASA firewall -> on premise Ironport -> Exchange servers.
Outgoing emails -
Exchange servers -> Ironport -> Cisco ASA firewall -> Internet.
We want to set up hybrid, and figure out a way to bypass Ironport, as Microsoft recommends that there should not be any device in the secure mail flow between online and on-premises Exchange servers. Any ideas on how to set up hybrid mail flow bypassing Ironport?
4 Replies
- HarishSolanki (Copper Contributor)
Hi akashg88,
I have a similar setup and am planning to implement Exchange in Hybrid mode.
Please share your solution with me.
Thanks!
Hi akashg88
It is not advised by Microsoft to have any device between Exchange and Office 365, but you can set up hybrid and change the Connectors, both on-premises and Online, to point to your infrastructure. For best security, though, you must enable TLS on those devices and on the Exchange Online and OnPremises Connectors.
- akashg88 (Copper Contributor)
Thanks for your response - I agree that there shouldn't be any device and I am trying to figure out a way to bypass Ironport, but I am unable to do so.
Is there a way by which I can bypass Ironport, considering that traffic on the firewall for port 25 is NATed to go to Ironport first? How do I bifurcate the traffic?
NunoAriasSilva wrote: Hi akashg88
It is not advised by Microsoft to have any device between Exchange and Office 365, but you can set up hybrid and change the Connectors, both on-premises and Online, to point to your infrastructure. For best security, though, you must enable TLS on those devices and on the Exchange Online and OnPremises Connectors.
- Spiros Karampinis (Brass Contributor)
akashg88, please have a look at the following post from Cisco:
https://www.cisco.com/c/en/us/support/docs/security/cloud-email-security/214812-configuring-office-365-microsoft-with.html
Could that help you solve your issue?
Kind regards
Spiros