Has Trend fixed the hosted issue with two WAN connections? It used to be that even though your device had dual WANs, Trend would only forward the emails to one of the connections. If it went down, you had to submit an email request to move it to the other connection and it could be 12-24 hours before it went into effect and 99 times out of 100, the original WAN port would be back online. It does slightly defeat the purpose of having Dual WANs if you cannot receive email in this day and age.
Hey Art! I hadn't heard of this issue before but it sort of makes sense from a security perspective. Of course as you state it also defeats the purpose of having a primary and backup WAN link if you can't fail-over and still have the email protection. I'll have to escalate this up to the product team to review and comment on. I or they will get back on here and let you know. BTW, are you investigating this for a Partner or Customer?
I got with Trend on this because I thought it was something very interesting....
here is what they said...
I think you’re talking about the same setup as a customer having 2 mail servers, right? If so we have had a solution for this for a while.
They want us to send email to 18.104.22.168, but if that is down, send it to 22.214.171.124.
They would use the MX record method.
A customer would need to create a hostname that points to two MX records.
Give the primary site IN MX 10 and the backup IN MX 20.
Then we change the IMHS configuration to use the hostname they created.
Our postfix servers will only allow us to configure 1 IP address or 1 hostname in our transport file to deliver email back to the customer. If the customer has 2 or more mail servers they want us to use, they will need to create a new hostname DNS entry and point it to their multiple servers.
If they want our servers to try to deliver the email to their mail servers in a specific order, say mailserver1 and if that server is not available then try to deliver the email to the mailserver2, then they would need to setup the following DNS entries as an example:
mailserver1.customerdomain.com. IN A 126.96.36.199
mailserver2.customerdomain.com. IN A 188.8.131.52
imhs.customerdomain.com. IN MX 10 mailserver1.customerdomain.com.
imhs.customerdomain.com. IN MX 20 mailserver2.customerdomain.com.
Then we setup our server to deliver to imhs.customerdomain.com.
Although we don't use Trend, we use this method quite often and use DNS MX records for mail routing. Just make sure that your email host responds with a consistent name. It's fine if you have mailserver1 and mailserver2 in the MX records, but keep your mail sever as just mailserver. Setup A records for the IPs on both ISP, contact each ISP to setup PTR records for their respective A records, and add the mailserver host as an authorized host in the SPF record. It's easy to get mail via MX round robin, but sending is a bear if it's not setup correctly however it's getting easier if you relay outbound mail thru your spam filtering service.
Reboot and Factory Default Reset on ISA500 Series Integrated Security Appliances
Reboot or restart of the network device is made when certain changes in the settings need reboot or if the device is frozen. The configuration...
WAN Quality of Service (QoS) Policy Profiles Settings on ISA500 Series Integrated Security Appliances
Wide Area Network (WAN) Quality of Service (QoS) policy profiles manage traffic through classed-based profiles. These pro...
Cisco QuickVPN Installation Tips for Windows Operating Systems
For a video showing installation tips on Quick VPN, visit http://youtu.be/hHu2z6A78N8
Cisco QuickVPN is a free software designed for remote access to a ne...