Technical Library | Support

Go to the table of contents Go to the previous page Go to the next page
Email Security Gateway Deployment > Multiple-appliance deployments
Multiple-appliance deployments
Deployment and Installation Center | Email Security Solutions | Version 7.7.x
 
Applies to:                                         
In this topic                                       
*
Email Security Gateway and Email Security Gateway Anywhere, v7.7.x
*
Email Security Gateway Anywhere appliance cluster
*
Multiple standalone appliances
Multiple V-Series appliance deployments can be implemented when message volume warrants having greater processing capacity. When the deployed appliances are all in standalone mode, the appliances can be a mix of either V10000 G2 or V5000 G2 machines. In an appliance cluster, however, all the machines must be either V10000 G2 or V5000 G2 machines. A cluster cannot contain a mix of appliance platforms.
Email Security Gateway Anywhere appliance cluster
Multiple V-Series appliances are configured in Email Security Gateway as a cluster for this deployment scenario. Appliances in a cluster must all be either V10000 G2 machines or V5000 G2 machines. A cluster cannot contain a mix of different appliance platforms.
This Email Security Gateway Anywhere environment includes the Email Security hybrid service "in the cloud" filtering. See Email Security Gateway Anywhere single appliance for information about the email hybrid service.
You may want to use a third-party load balancer with an appliance cluster, to distribute email traffic among your appliances. Appliances in a cluster all have the same configuration settings, which can streamline a load balancing implementation.
Personal Email Manager traffic load balancing may be accomplished via cluster configuration. After a cluster is created, designate the Personal Email Manager access point in Settings > Personal Email > Notification Message, in the Personal Email Manager Portal section. Personal Email Manager traffic is routed to this designated IP address. This appliance then passes the traffic on to other appliances in the cluster via the round robin forwarding mechanism.
To create a cluster, add an appliance to the Email Security appliances list on the Settings > General > Email Appliances page, then configure these appliances in a cluster on the Settings > General > Cluster Mode page. See the TRITON - Email Security Help for details.
A primary appliance in a cluster may have up to 7 secondary (or auxiliary) appliances. Configuration settings for any cluster appliance are managed only on the primary appliance Email Appliances page (Settings > General > Email Appliances).
Cluster appliances must all be running in the same security mode (Email Security only mode or dual Email Security/Web Security mode). The Email Security Gateway management server (TRITON Console) and all cluster appliance versions must all match for cluster communication to work properly.
In order to protect the messages stored in Email Security queues, appliances added to a cluster must have the same message queue configuration as the other cluster appliances. For example, an administrator-created queue on appliance B must be configured on primary cluster appliance A before appliance B is added to the cluster. Message queue records may be lost if this step is not performed before cluster creation.
Multiple standalone appliances
A multiple standalone appliance deployment might be useful if each appliance must have different configuration settings. Two standalone scenarios are described in this section:
*
Using DNS round robin
*
Using domain-based routing
These Email Security Gateway Anywhere environments include the Email Security hybrid service "in the cloud" filtering. See Email Security Gateway Anywhere single appliance for information about the email hybrid service.
Using DNS round robin
Email traffic distribution among multiple standalone appliances can be accomplished by using the domain name system (DNS) round robin method for distributing load.
With Email Security hybrid service configured and running, set up the round robin system as follows:
1.
Enter the SMTP server domain in the Delivery Route page of the hybrid service configuration wizard used for registering Email Security Gateway with the hybrid service (Settings > Hybrid Service > Hybrid Configuration).
2.
Register the IP addresses of the appliances you want subject to the round robin method in the SMTP domain.
If hybrid service is not enabled, you need to modify your MX records to allow round robin load balancing. Ask your DNS manager (usually your Internet service provider) to replace your current MX records with new ones for load balancing that have a preference value equal to your current records.
Using domain-based routing
You can configure domain-based delivery routes so that messages sent to recipients in specified domains are delivered to a particular appliance.
Configure the domain groups for which you want to define delivery routes in the Settings > Users > Domain Groups > Add Domain Groups page. See the TRITON - Email Security Help for information about adding or editing domain groups:
*
Managing domain groups
*
Configuring delivery routes
To set up a domain-based delivery route on the Settings > Inbound/Outbound > Mail Routing page:
1.
Click Add in the Domain-based Routes section to open the Add Domain-based Route page.
2.
Enter a name for your route in the Name field.
3.
Select an order number from the Route order drop-down list to determine the route's scanning order.
4.
Select a destination domain from the pre-defined domains in the Domain group drop-down list. Default is Protected Domain. Information about the selected domain group appears in the Domain details box.
If you want to add a new domain group to the list, navigate to Settings > Users > Domain Groups and click Add.
If you want to edit your selected domain group, click Edit to open the Edit Domain Group page.
 
* 
Important 
The Protected Domain group defined in the Settings > Users > Domain Groups page should not be used to configure Email Security Gateway delivery routes if you need to define domain-based delivery routes via multiple SMTP servers.
Create domain groups that contain subsets of the Protected Domain group for mail routing purposes.
5.
Select the SMTP server IP address delivery option and enter the following information:
a.
Enter the SMTP server IP address or host name and port.
b.
Mark the check box to enable MX lookup.
c.
Click the right arrow to add the SMTP server information to the SMTP Server List. Mail for that domain group is delivered to the specified SMTP server for routing to the domain address.
 
 

Go to the table of contents Go to the previous page Go to the next page
Email Security Gateway Deployment > Multiple-appliance deployments
Copyright 2016 Forcepoint LLC. All rights reserved.