Forefront Security for Exchange Installation » Forefront Security for Exchange SP1: Protecting Your Microsoft Exchange Organization with Microsoft Forefront Security for Exchange Server - TechNet Article

Forefront Security for Exchange SP1: Protecting Your Microsoft Exchange Organization with Microsoft Forefront Security for Exchange Server - TechNet Article

The Forefront Security for Exchange SP1 (FSE SP1) Technical Writing Team has done a good job outlining the considerations and merits for using Forefront Security for Exchange SP1 to reduce Anti-Virus and Spam using the combination of Anti-Virus Products inherant to FSE SP1.  In the article, titled 'Protecting Your Microsoft Exchange Organization with Microsoft Forefront Security for Exchange Server' the perspective of Inbound Scanning, Outbound Scanning and Internal Scanning (i.e. never leaving through an Outbound SMTP Gateway to another SMTP Namespace) is addressed.  Being a 'visual learner' I summarize a portion of the Microsoft Technet Article with the following Diagrams offered as part of the article content:

 
Figure 1 - Inbound Scanning 

If we follow the inbound SMTP messages we see in a configuration where each of the respective Exchange 2007 Messaging Servers includes FSE SP1 that the Edge Transport Server Role will pickup the bulk of Spam and Virus laden e-mail while the Hub Transport and Mailbox Server Roles do not require FSE SP1 scanning.

 
Figure 2 - Outbound Scanning

 The outbound SMTP messages are transferred to the Mailbox Server Role then immediately (based upon Exchange 2007 Mail Routing requirements) passed to the Hub Transport Server Role for Scanning and Stamping and then to the Edge Transport Server role for outbound delivery to the intended mail Target.

 
Figure 3 - Internal Scanning

For an SMTP message sent within an Organization from a Sender to a Recipient in the same SMTP Domain follows routing through the Mailbox Server 1 Role (Sender Malbox) to the Hub Transport Server for Scanning and Stamping to the Mailbox Server 2 Role (Recipient Mailbox) for delivery.  

Finally, if we add Forefront Online Security for Exchange Services outside of the Corporate Network (in the Diagrams where the 'Internet Cloud' resides) we can even further reduce on-premise Scanning for Anti-Virus and Spam in a measurable way.  Take some time to review this article.  It's worth the effort and offers real insight into how reducing Spam and Virus-laden e-mail can increase productivity!



 

 

Lynn Lunik
Independent Security Consultant
Windows(R) Platform
IT Pro Secure Corporation
and
exchangesummit.net
http://itprosecure.com and http://www.exchangesummit.net
blog <at> itprosecure.com

      

Posted Jul 09 2009, 06:31 AM by lynn lunik
Filed under: ,
Copyright IT Pro Secure Corporation 2009-2010 - All Rights Reserved Worldwide
Powered by Community Server (Non-Commercial Edition), by Telligent Systems
Locations of visitors to this page