- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
-
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
-
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
Installing Email Security Software on Exchange Server
03/26/2020 
5 People found this article helpful
92,989 Views
Description
This article goes through the steps of installing SonicWall Email Security Software on an Exchange server. This is not a recommended configuration.
Resolution
CAUTION: Installing ES Software on an Exchange server is not recommended
CAUTION: Exchange uses all available resources and may impact Email Security performance.
CAUTION: Email Security Software initiates constant disk input/output and may affect overall server performance.
CAUTION: Troubleshooting Email Security may require rebooting the server.
CAUTION: Java can never be updated once the Email Security Software has been installed.
On Exchange, configure a receive connector to listen on port 25 to allow Exchange to receive email messages from the Email Security Software.
On Exchange, configure a send connector to smarthost to port 2525 to allow Exchange to send email messages back to the Email Security Software.
NOTE: For Exchange 2016, follow this link for instructions on configuring an alternate port
https://www.authsmtp.com/exchange-2016/exchange2016_alternative_port.html
On the Firewall, configure 2 NAT policies
- Inbound NAT policy to translate port 25 to port 2525 and push to a dual natured server.
- Outbound NAT policy to translate port 2525 to port 25 (may not be needed).
Disable User Access Control on the Windows server.
NOTE: If using Windows 2016, disabling UAC requires a registry edit.
http://original-network.com/script-to-disable-uac-server-on-windows-server-2016/
Disable all AV and endpoint security (firewall, AV, anti-malware, anything that does scanning).
Uninstall all Java.
Reboot the server.
Install software as administrator.
For the inbound path, configure SES to listen on port 2525, and to forward on email to port 25.
Set a different name for 220 banner on the inbound listener to help in diagnosing issues.
For the outbound path, configure SES to listen on port 2525 on it’s own IP and to use mx routing for sending.
Configure HTTP access to port 8088 and HTTPS to 4553 on the server. This will allow access without interfering with normal exchange traffic by using unregistered but similar ports.
NOTE: If you have AV software, the entire sonicwallES folder must be excluded from any form of virus scanning.
NOTE: If you have any firewall software, make sure that traffic to DMZ, LAN or where SES is located allows for 2525, 4553, and 8088 connections.
Related Articles
- SonicWall HES IP address blocklisted by UCEProtect or Backscatter
- How to add O365 connector for domain specific routing
- SonicWall Email Security on Hyper-V Platform
YES
NO