So, we're thinking of getting a pair of M1070 Management Appliances to work with our cluster of C360 mail appliances (AsyncOS 7.6).
It is not completely clear (a) which things can be centrally handled, and (b) which things can be handled in a redundant manner. It is also not clear how the redundancy works - are things copied to both all the time? If the primary management appliance goes down for a while, are the missed logs copied over from the secondary when it comes back? When the primary is down, does the secondary take over a virtual IP so that users will still go to the same URL for quarantines?
Logging, reporting, and message tracking all seem to be easily done centrally, and are duplicated to the redundant.
As far as I can tell, the spam quarantine can be centralised, and it seems that it is replicated to the secondary if you have AsyncOS>7.2. I can't tell if the safelist/blocklist is replicated between the two, though, and what happens in a failover situation, although it seems it is held centrally. I've seen conflicting information about this, one saying that secondaryconfig can duplicate spam quarantines, the other saying you need to do some sleight-of-hand with content filters to duplicate messages to both management quarantines.
Is there a way to make other quarantines on the management servers? We'd like to have our policy quarantine held centrally, and redundant, so that if we lose a datacentre we can still release policy-quarantined messages. I can't tell how you can set this up.
Finally, we currently route our emails via the cluster of C360 mail appliances. Would we continue to do this (and they send logs, quarantines etc to the management appliances), or would we have to instead route our emails via the new management appliances, which then forward them on to the C360s?
If anyone there has successfully set up a redundant management appliance setup I'd be keen to hear the details.