DESCRIPTION: Integration of SES with Microsoft ISA Server.
When the client has Microsoft ISA server on the perimeter and SES configure to handle all outbound email via SmartHost on Exchange back-end mail server.
1) SES Appliance or Windows Server MUST be configured as a Secure-NAT client to the ISA Server. Meaning the SES Default Gateway MUST point directly to the ISA server. The ISA Firewall Client on the Email Security Windows Server will not work, nor can you install the ISA Firewall Client on SES Appliance. Even if the client has a routed internal network, the SES Server cannot point to the router as its Default GW due to how ISA handles Secure-NAT connections.
2) Ensure that the SES Server has Layer 3 connectivity to the ISA server via ICMP Echo Reply packets(most internally routed networks have defined routes to allow the Layer 3 Traffic from one segment to another). If the SES Server can ping the ISA Server, simply configure the SES to use the ISA Server as its default GW.
If above is not done, ANY and ALL ACLs(access rules) or Server Publishing Rules that are created on the ISA Server will seem to have no effect(SES will not be able to send TCP port 25 traffic out) until it is a Secure-NAT client of the ISA Server.