Scribd Logo
Upload

Welcome to Scribd!

  • Esg01001 - Deployment Options - Slide Deck

    Uploaded by

    Amila Dissanayake
    31 views8 pages
    This document discusses deployment options for the Barracuda Email Security Gateway. It can be deployed in the DMZ with an external IP address, or behind a corporate firewall with port forwarding. It supports hardware, virtual, and public cloud deployments. The gateway acts as an email filter, blocking spam before it reaches the mail server. It provides comprehensive email protection and can be clustered for high availability.

    Original Description:

    Original Title

    esg01001_-_deployment_options_-_slide_deck

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document discusses deployment options for the Barracuda Email Security Gateway. It can be deployed in the DMZ with an external IP address, or behind a corporate firewall with port forwarding. It supports hardware, virtual, and public cloud deployments. The gateway acts as an email filter, blocking spam before it reaches the mail server. It provides comprehensive email protection and can be clustered for high availability.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    31 views8 pages

    Esg01001 - Deployment Options - Slide Deck

    Uploaded by

    Amila Dissanayake
    This document discusses deployment options for the Barracuda Email Security Gateway. It can be deployed in the DMZ with an external IP address, or behind a corporate firewall with port forwarding. It supports hardware, virtual, and public cloud deployments. The gateway acts as an email filter, blocking spam before it reaches the mail server. It provides comprehensive email protection and can be clustered for high availability.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 8

    ESG01001 - Deployment Options

    ESG01001 - Deployment Options


    Introducing Deployment

    Agenda
    • Introducing the Email Security Gateway
    • Supported Platforms for the Email Security Gateway
    • Deployment in the DMZ
    • Deployment Behind the Corporate Firewall
    • Clustering the Barracuda Email Security Gateway
    • Virtual Deployment
    • Public Cloud Hosting

    Definition
    • The Barracuda Email Security Gateway acts as a filter for the
    mail server
    • Good mail is forwarded to the mail server
    • Spam does not even reach the mail server

    Blocked! Spam message

    Barracuda Email Security Gateway


    Mail Server

    1
    ESG01001 - Deployment Options

    Ease of Use
    • Simple web-based administrative interface
    • Up and running in 15 minutes
    • Default configuration blocks 95% of all spam

    Defense Layers
    • Comprehensive Protection from Email-Based Threats
    • Protects against inbound malware, spam, phishing, and
    Denial of Service attacks
    • Powerful, multi-method spam detection
    • No per-user or per-feature fees
    • Leverages proprietary, open-source, and user-defined
    methods

    Outbound Mail Defense


    • Stops outbound spam and viruses
    • Provides compliance via DLP (Data Loss Prevention)
    • Allows intelligent email encryption

    Barracuda Email Security Gateway


    Mail Server

    2
    ESG01001 - Deployment Options

    Cloud Connected
    • Barracuda Cloud Control offers centralized cloud-based
    management
    • Ensures that threats never reach the network perimeter
    • Barracuda Cloud Protection Layer pre-filters messages in
    the cloud
    • Offloads CPU-intensive tasks like antivirus and DDoS
    filtering to the cloud

    Cloud Connected
    • Definitions are provided in real time by Barracuda Central, a
    24/7 advanced security operations center
    • Email can be spooled in the Cloud Protection Layer (CPL)
    for up to 96 hours
    Cloud-based Management

    Barracuda Email Security Gateways

    Powerful Administration
    • Flexible logging system
    • Scheduled reporting
    • Syslog and SNMP available
    • Role-based administration

    3
    ESG01001 - Deployment Options

    Supported Platforms
    • Appliance
    • Virtual
    • Public Cloud
    – AWS
    – Azure

    10

    Hardware Models
    100 600 900

    200 800 1000

    300

    400

    11

    VX Models
    • Hypervisor Support including
    – VMware
    – Microsoft Hyper-V
    – KVM
    – XenServer

    12

    4
    ESG01001 - Deployment Options

    Public Cloud
    • AWS and Azure
    – BYOL License or Hourly / Metered
    – 3 models in each cloud to choose from

    13

    Deployment in the DMZ


    • Assign an external IP address to the Barracuda Email
    Security Gateway
    – MX record points to the Barracuda Email Security Gateway
    DNS

    example.com IN MX mail.example.com
    mail.example.com IN A 65.5.5.7

    Public IP Address Send email to user@example.com


    65.5.5.7

    Barracuda Email Security Gateway

    14

    Deployment behind a Corporate Firewall


    • MX record points to the firewall’s WAN interface
    • Configure SMTP Port Forwarding (TCP Port 25) on the
    firewall
    DNS

    IN MX mail.example.com
    mail.example.com IN A 65.5.5.7

    Public IP Address Send email to user@example.com


    65.5.5.7

    Barracuda Email Security Gateway

    15

    5
    ESG01001 - Deployment Options

    Clustering the Email Security Gateway


    • High availability and fault tolerance
    • Centralized management of policy, scalability and data redundancy
    • Supported on models 400 and higher
    • Must be the same platform, model and firmware.

    Admin changes policy

    Mail Server
    Internet Policy change replicates across cluster

    16

    Load Balancing Incoming Emails within a cluster


    • Load balance incoming email directed to a cluster of
    Barracuda Email Security Gateways in one of two ways:
    – Use a Barracuda Load Balancer ADC to distribute traffic based on:
    ▪ Weighted round-robin
    ▪ Weight least connections
    ▪ Adaptive scheduling methods
    – Configure multiple DNS MX records

    17

    Virtual Deployment
    • Requires a 64-bit capable host
    • 1 core, 2.5GB RAM and 50GB Hard Disk Minimum (100 Vx)
    • Only need a single virtual NIC on your virtual appliance

    18

    6
    ESG01001 - Deployment Options

    Initial Configuration: Virtual Appliances

    XXXXX-XXXXX-XXXXX

    1. Configure Network Settings

    2. Enter License Token and Default Domain

    19

    Public Cloud Hosting

    20

    Configure your corporate firewall


    • If deploying the ESG behind a firewall, open the following
    Barracuda Network address ranges:
    – 64.235.144.0/20 & 209.222.80.0/21
    Port Direction TCP UDP Usage
    22 Out Yes No For opening a support tunnel if needed
    25 In/Out Yes No Email and email bounces
    53 Out Yes Yes Domain Name Service (DNS). Verify that the DNS servers can
    resolve updates.cudasvc.com.
    80 Out Yes No Virus, firmware, and spam rule updates
    123 Out No Yes Network Time Protocol (NTP)
    443 Out Yes No HTTPS/SSL port used for initial VM provisioning and access
    to updates.cudasvc.com
    8788 Out Yes No For opening a support tunnel if needed

    21

    7
    ESG01001 - Deployment Options

    Initial Configuration: Getting Started


    ?

    Default Settings Custom Settings


    1. Connect the LAN port 1. Connect the monitor and keyboard
    2. Navigate to 2. Login with:
    http://192.168.200.200:8000 - Username: admin
    3. Login with: - Password: admin
    - Username: admin 3. Configure the network settings
    - Password: admin 4. Connect the LAN port
    5. Navigate to http://[CUSTOMIP]:8000

    22

    Initial Configuration
    • BASIC > IP Configuration
    – IP address settings
    – DNS configuration
    • BASIC > Administration
    – Change admin password
    – Set the time zone
    • ADVANCED > Energize & Firmware Updates
    – Set the automatic updates to On

    23

    Thank You

    24

    You might also like