Data Loss Prevention

  • 1.  Using reflecting or forwarding mode for Network Prevent (Email)?

    Posted May 21, 2012 04:56 AM

    Hi all,

    Let's say my setup is Exchange -> MTA. If I wanted to implement Network Prevent (Email), which mode is preferable, reflecting or forwarding?

    As far as I know, the advantage of reflecting mode is that the MTA will bypass Network Prevent (Email) if Network Prevent (Email) is down. But not all MTAs support reflecting mode.

    If I use forwarding mode, the email will fail to send if Network Prevent (Email) is down. But most MTAs support forwarding mode.

    Please correct me if I'm wrong.

    Thanks!



  • 2.  RE: Using reflecting or forwarding mode for Network Prevent (Email)?

    Posted May 21, 2012 09:39 AM

    Most customers I work with only have 1 MTA, so they don't have much of a choice. I think forwarding mode is better from a raw performance standpoint, since each MTA needs only one open connection at a time. If the customer is implementing DLP and doesn't yet have an MTA, though, I wouldn't use DLP as a reason to sell them 2 MTAs for the purpose of going in forwarding mode.

    You should be able to use some MX lookup magic to get around the failure of the Email Prevent server if you do decide to use forwarding mode, though. You'd need to specify a backup MX record pointing to the upstream MTA on the downstream MTA in case DLP goes down.



  • 3.  RE: Using reflecting or forwarding mode for Network Prevent (Email)?
    Best Answer

    Posted May 23, 2012 06:52 PM

    I would ideally configure two SMTP Virtual servers in Exchange, similar to the below. This would ensure that all email is routed to DLP by default, and to the MTA when DLP is not available.

     

    SMTP Virtual Server 1
    Exchange - DLP - MTA
    Cost = 1

    SMTP Virtual Server 2
    Exchange - MTA
    Cost = 2