Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1360
Views
0
Helpful
5
Replies

MX LB / HA / Cluster ESA 380

mariappans
Level 1
Level 1

‎04-08-2015 09:33 AM

We go to deploy our new ESA (2 devices) as per mentioned below plan,

 

ESA 380 HA

ESA01 is primary for company A and ESA02 is primary for company B.

If ESA01 is down ESA02 will receive mail for company A using MX load balance. The same method for company B.

We are very confused on cluster with MX load balance on above scenario.

Like Two different ESA configurations devices can able include on single cluster. Since we have different policies for both companies and both companies have email server .

We need some explanation on above.

Please clarify on this

 

Labels:
0 Helpful
5 Replies 5

Ken Stieers
VIP
VIP

‎04-08-2015 09:53 AM

"Cluster" in ESA just means the configuration gets replicated.

 

So if you cluster them and want different policies for each company, you just go to Mail Polices/Incoming Mail Policies and create one for each company.

Add each domain you receive mail for to Mail Polices/Recipient Access Table

Add a route to each mail server for each domain under Network/SMTP routes

 

If you want separate "Host Access Tables" you can create separate listeners for each company (under Network/Listeners), and you may want to put them on separate IP interfaces, but you don't have to do this... one HAT may work just fine...

 

 

 

0 Helpful

gfernandez.glatam
Level 1
Level 1
In response to Ken Stieers

‎12-01-2015 03:40 PM

Now, somebody can tell me if this configuration gives HA for the mail service?

thanks

0 Helpful

Ken Stieers
VIP
VIP
In response to gfernandez.glatam

‎12-02-2015 08:25 AM

Yes, assuming that the configuration on the ESAs is the same (e.g. clustered), this should give you HA...

 

0 Helpful

ZoreckAmb14
Level 1
Level 1
In response to Ken Stieers

‎12-02-2015 09:36 AM

Hi Ken, 

I have a doubt, I have considered to use the similar scenario but I´m not sure what is the best practice,

I want to use two pairs of ESA in cluster cause I need HA I  would think the scenario propose as below show 

Can you give me your comments?

Preview file
39 KB
0 Helpful

Ken Stieers
VIP
VIP
In response to ZoreckAmb14

‎12-02-2015 09:50 AM

Keep this in mind, clustering of the ESA has NOTHING to do with HA... It just synchronizes configurations.

You get HA by configuring MX records and your emails system's outbound connectors.

Only buy 4 if you need to carry that much load.

You can put the ESA anywhere in your network, we used to have both interfaces inside the network.

I usually put the "public" port in the DMZ, and the private port inside.  Some people don't like the "bridging" a firewall" so they put the whole thing out in the DMZ...

0 Helpful
Customers Also Viewed These Support Documents