It is not recommended in putting the C100 in front of the firewall. Even though the appliance is hardened you should put the appliance behind the firewall and port forward port 25 to the appliance. Ensure your firewall is not terminating port 25 and is just forwarding it on cleanly.
as Shane stated it is not recomended to place your device in an unprotected network. on the other had, the device is known as an "e-mail firewall" and penetration tests always showed me that the devices are really closed. (as long as you only enable SMTP on the interface)
let's put it like this:
always make a proper security risk analises
consider the strength of your firewall, if it's a Linux firewall, please feel free to place your C series "un protected" on the internet. if you have a heavy hardware firewall, try to find another solution.
if you want, you can alwaysprotect your C series with a dedicated cheap firewall like smoothwall (that is at least giving you information about the attacks you are blocking)
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...