Using DMZ Gateway with Mail Express lets administrators restrict the firewall configuration so that only outbound connections from Mail Express are allowed. DMZ Gateway is designed to reside in the demilitarized zone (DMZ) and provide secure communication with the Mail Express server behind intranet firewalls without requiring any inbound firewall holes between the internal network and the DMZ, and with no sensitive data stored in the DMZ, even temporarily. When configured to use DMZ Gateway, Mail Express functions normally, giving end users no indication that an additional component has been added to the network. (Version 3.1 and later of Mail Express can connect to a network protected by DMZ Gateway v3.0.1 and later.)
The connection between Mail Express and DMZ Gateway is configured in the Mail Express administration portal. You must allow outbound traffic from Mail Express to DMZ Gateway on the port over which Mail Express connects to DMZ Gateway. By default, Mail Express connects to DMZ Gateway using port 44500. Mail Express only communicates over HTTPS, which uses port 443 by default for client-side connections.
In the DMZ Gateway interface, Mail Express is considered a "Server" and the Mail Express DMZ Protocol Handler is considered a "Site" (e.g., in the DMZ Gateway Status pane). In DMZ Gateway version 3.1.0 and later, when communicating with Mail Express, "Mail Express Server" appears in the Server Type column. In earlier releases of DMZ Gateway, "[Unknown]" appears in the Server Type column.
DMZ Gateway events are logged in the Mail Express Event log.
Before you can use DMZ Gateway with Mail Express, you have to provide Mail Express with the DMZ Gateway connection information.
To configure the DMZ Gateway information:
1. In the Mail Express left navigation pane or on the Mail Express Status page, click DMZ Gateway. The DMZ Gateway Configuration page appears.
2. Select the Enable the DMZ Gateway as a proxy check box. The page expands to display more options.
3. In the DMZ Gateway address box, specify the hostname or IP address of the DMZ Gateway.
4. In the Server Port box, specify the port number used for connections by DMZ Gateway (44500 by default).
5. In the Client HTTPS Port box, specify the port on which DMZ Gateway listens for incoming client connections. In the case of Mail Express, client connections will typically include external recipients picking up files via the Pick-Up portal and external users dropping off files via the Drop-Off portal.
   While the DMZ Gateway supports use of client ports other than port 443, it is highly recommended to use the default HTTPS port of 443, as this is the industry standard for HTTPS communications. When using the standard port, users will not have to specify a port value in the browser's URL if they are manually typing the URL to connect to a portal such as the Drop-Off portal.
   Using a non-standard client HTTPS listener port requires either adding the port to the General Configuration Hostname, so that the port is included in links generated by the Mail Express system, or configuring port forwarding in the networking infrastructure to redirect external HTTPS traffic to the configured Client HTTPS port on the DMZ Gateway computer.
6. Click Save to save the changes or click Restore to return to the previous settings.
If the connection to DMZ Gateway was lost (e.g., due to network errors), you can click Reconnect or wait 30 seconds for Mail Express to automatically try to reconnect.
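The firewall posture described above can be checked mechanically. The following is an added example, not Globalscape code: it audits a rule list for the outbound Server Port path, the Client HTTPS Port path, and the absence of any DMZ-to-internal hole. The zone names, the `Rule` format and the first-match, default-deny evaluation are assumptions, and the sample rule sets are constructed.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    src: str      # zone name: "internal", "dmz", "external" or "any"
    dst: str
    port: int     # TCP destination port; 0 matches every port
    action: str   # "allow" or "deny"

def allows(rules, src, dst, port):
    """Assumed firewall model: first matching rule wins, default deny."""
    for r in rules:
        if r.src in (src, "any") and r.dst in (dst, "any") and r.port in (port, 0):
            return r.action == "allow"
    return False

def inbound_holes(rules):
    """TCP ports on which the DMZ can effectively open connections to the internal zone."""
    named = {r.port for r in rules if r.port}
    # One port that no rule names stands in for all unnamed ports (reported as 0).
    probe = next(p for p in range(1, 65536) if p not in named)
    return [0 if p == probe else p
            for p in sorted(named | {probe}) if allows(rules, "dmz", "internal", p)]

def audit(rules, server_port=44500, client_port=443):
    """Return findings; an empty list means the rules match the described topology."""
    findings = []
    if not allows(rules, "internal", "dmz", server_port):
        findings.append(f"Mail Express cannot reach DMZ Gateway on tcp/{server_port}")
    if not allows(rules, "external", "dmz", client_port):
        findings.append(f"clients cannot reach DMZ Gateway on tcp/{client_port}")
    for port in inbound_holes(rules):
        findings.append(f"inbound hole: dmz -> internal tcp/{port or 'any'}")
    return findings

# Constructed sample rule sets (not taken from a real firewall).
EXPECTED = [Rule("internal", "dmz", 44500, "allow"),
            Rule("external", "dmz", 443, "allow"),
            Rule("any", "any", 0, "deny")]
HOLE = [Rule("external", "dmz", 443, "allow"),
        Rule("dmz", "internal", 443, "allow"),   # inbound hole the design avoids
        Rule("any", "any", 0, "deny")]

if __name__ == "__main__":
    for name, rules in (("expected", EXPECTED), ("hole", HOLE)):
        print(name, audit(rules) or "OK")
```

Pass the configured values as `server_port` and `client_port` when the defaults of 44500 and 443 have been changed.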