As the Cisco IronPort Email Security Appliance (ESA) is a mail gateway, it does not substitute the backend mail server. It is a good practice and recommended to implement LDAP for recipient validation (to avoid that the ESA is accepting recipients that do not exist on the backend mail server which may result in getting listed at backscatterer.org or similar RBLs).
The ESA will be in charge of the emails that are sent to the MX record of the given domain, so it is supposed to face all threats of the internet (spam, phish, viruses, etc) so that they can be filtered. Considered clean mail will be forwarded to the backend mail server which will no longer be exposed to the internet directly. As you're using DLP, also the outgoing mails should no longer be sent from the backend mail server directly to the internet, but to the ESA for compliance verification and handling.
It is not necessary to import data from the backend mail server to the ESA, as the appliance is an SMTP gateway. It will receive mails via SMTP and forwards it via SMTP to the backend mail server (or the internet - for outgoing mails), End users may access the Spam Quarantine via HTTP/HTTPs to manage messages that have been found spam positive or suspect spam (configurable). LDAP queries can be used to allow recipient verification, LDAP based routing, Spam Quarantine & Appliance access authentication and LDAP group queries (for IT policy enforcement based on specific user groups).
So when the ESA is not configured to be end user accessible (i.e. no Spam Quarantine in use), the end users would not even be aware of that an ESA is in place that filters incoming/outgoing mails for the domain. The network routing on site may need to be altered so that the public IP of the MX record is ending up on the ESA and no longer on the (backend) mail server directly. By this, no change of the MX records on the DNS is required and no impact for the mail senders is encountered.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...