If the two MX records have the same weight, then inbound mail has a 50% chance of hitting either machines. If they are different weight, inbound mail first tries the lowest number and then if it can't make a connection, will try the second higher MX record.
Currently, the ESA doesn't have a built-in way of failing over to another appliance.
Has anyone already done this kind of setup?
Once the ESA1 is down, it will automatically shift to ESA2.
For outbound traffic you can also use MX records. Unfortunately this feature is not that well known, I’ll try to explain how it works:. You can assign a "hostname" to a so called "Named MX record" and use this in your smarthost configuration on (for example) Exchange and Domino. The trick works like this: Get in contact with your DNS admin and ask him/her to add a named MX record to the DNS. A standard MX record is assigned to the domain. (example.local), a named MX record is similar to that but has a unique "hostname" within the domain "smarthost1.example.local". The noted IP's are of course your Ironports. If you want to have one host primary responsible for your outbound mail, you assign this host a lower MX preference value than your other hosts. (Just like you do on your public MX records) If you add this "hostname" in your "deliver all mail to this host" field in your Exchange of Domino outbound gateways they will use this like they would have used a normal A record. The big advantage is that your systems automatically switch to the other Ironport(s) if your primary outbound system(s) fail.
You can even add multiple of these named MX records to your domain. We have more that one Exchange (and Domino) environment and each system has its own MX records that are used for routing mail to that environment (al within the same domain). The really good news is that you can use this very cheap solution (everyone has a DNS infrastructure) for load balancing and High Availability configuration of your mail systems, without having to invest in load balancers. (And without all disadvantages that come with those devices).
One remark: you can not “ping” a (named) MX record. If you want to query it, you have to use nslookup (or dig) and specific use the MX query mode. This can be a little confusing sometimes for your fellow admins who are not used to this.
Since this is a rather unknown feature/usage of MX record, I can imagine it's worth a topic on it's own. Please let me know and I will start it.
Best regards Steven
PS: not all systems support using MX records as configurable item for mail delivery. The most important one for us is the (java based) mailer daemon that is delivered with the IBM websphere suite.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...