Configure Network Prevent for Email
Network Prevent for Email
The following table lists recommendations for configuring
Network Prevent for Email
for high availability and disaster recovery.
Recommendation | More information |
|---|---|
Use DNS MX records for mail flow. | Mail flow high availability should be configured with DNS MX records. This setting ensures that mail is delivered if the detection servers are down by going to the next hop in the MX record. |
Use a load balancer. | In email flow, a load balancer can be configured with a many-to-many configuration. The number of upstream MTAs connections, detection server connections, and downstream MTA connections must be the same in each location. If they do not match, mail queuing up or performance issues may occur. The load balancer can be inline between the upstream MTA and the detection servers. You can also use load balancers between the detection servers and downstream MTAs. |
Run Network Prevent for Email in the cloud. | Running Network Prevent for Email in the cloud can provide a more reliable platform. The cloud can also provide improved email flow for Network Prevent for Email monitoring. Use the DLP Cloud Detection Service. |
Validate the TLS certificates. | Rotate the certificates at least once per year if not more. TLS issues are a common problem with email flow. |
Deploy for spike traffic. | Calculate the mail flow at 1.2x the normal flow so that spikes can be absorbed in the current deployment. |
Account for Symantec Mail Gateway files and synchronizations. | Confirm the files that are in use for quarantine. If you have a non-CA issued certificate, then you sync the Protect\plugins\EmailQuarantineConnect\keystore.jks to all of the Network Prevent for Email boxes. |