May 02 2019 03:37 AM
Hi,
One of my customers has the following setup, and I'd need some recommendations to set up a hybrid mail flow -
Incoming emails -
Internet -> Cisco ASA firewall -> on premise Ironport -> Exchange servers.
Outgoing emails -
Exchange servers -> Ironport -> Cisco ASA firewall -> Internet.
We want to set up hybrid and figure out a way to bypass Ironport, as Microsoft recommends that there should not be any device in the secure mail flow between the online and on-premises Exchange servers. Any ideas on how to set up hybrid mail flow bypassing Ironport?
May 02 2019 06:19 AM
Hi @akashg88
It is not advised by Microsoft to have any device between Exchange and Office 365, but you can set up hybrid and change the connectors, both on-premises and online, to point to your infrastructure. For best security, though, you must enable TLS on those devices and on the Exchange Online and on-premises connectors.
May 02 2019 08:27 AM
Hi @Nuno Silva
Thanks for your response - I agree that there shouldn't be any device, and I am trying to figure out a way to bypass Ironport, but am unable to do so.
Is there a way by which I can bypass Ironport, considering that traffic on the firewall for port 25 is NATed to go to Ironport first? How do I bifurcate the traffic?
Jan 15 2020 04:54 AM
@akashg88 please have a look at the following post from Cisco
Could that help you solve your issue?
Kind regards
Spiros
Jan 15 2021 09:01 AM
Hi @akashg88,
I have a similar setup and am planning to implement Exchange in Hybrid mode.
Please share your solution with me.
Thanks!