Network Topology Considerations

Deploy Deep Discovery Email Inspector between the firewall or an edge Message Transfer Agent (MTA) and the network's internal mail servers.

Make sure that the management interface eth0 (on the back of the appliance) is accessible via TCP port 22 for the Command Line Interface (SSH) and TCP port 443 for the management console (HTTPS).

While in BCC mode, Deep Discovery Email Inspector acts as an out-of-band appliance that does not interfere with network traffic. Deep Discovery Email Inspector discards all replicated email messages after they are checked for threats. No replicated email messages are delivered to the recipients.

Use BCC mode to understand how Deep Discovery Email Inspector processes email messages and identifies risks before fully deploying the product as an MTA. Configure an upstream MTA to mirror email traffic and handle message delivery. Deep Discovery Email Inspector sends alert notifications whenever a suspicious email message passes through the network, but does not deliver email messages.

The following figure shows how an email message passes through a network with Deep Discovery Email Inspector deployed in BCC mode. The email message enters the network and routes through the anti-spam gateway. The anti-spam gateway sends the email message through the network to the recipient and sends a copy of the email message to Deep Discovery Email Inspector. Deep Discovery Email Inspector investigates and then discards the email message.

While in MTA mode, Deep Discovery Email Inspector serves as a Message Transfer Agent (MTA) in the line of the mail traffic flow.

You can deploy Deep Discovery Email Inspector as an edge or non-edge MTA.

When Deep Discovery Email Inspector is deployed as a non-edge MTA in a network, an email message enters the network and routes through the relay MTA to Deep Discovery Email Inspector. The following figure shows an example.

When you deploy Deep Discovery Email Inspector as an edge MTA in your email network, Deep Discovery Email Inspector receives email messages from a routing gateway and performs the user-defined actions on detected messages.

If the email message passes inspection, Deep Discovery Email Inspector routes the email message to downstream MTAs. Based on the policy configuration, Deep Discovery Email Inspector performs user-configured actions on messages that detected as spam or graymail, contain malicious file attachments, embedded URLs, content violations, or suspicious message characteristics. Deep Discovery Email Inspector then notifies recipients.

While in SPAN/TAP mode, Deep Discovery Email Inspector acts as an out-of-band appliance that does not interfere with network traffic. Deep Discovery Email Inspector discards all replicated email messages after they are checked for threats. No replicated email messages are delivered to the recipients.

Configure a switch or network tap to send mirrored traffic to Deep Discovery Email Inspector. Deep Discovery Email Inspector sends alert notifications whenever a suspicious email message passes through the network, but does not deliver email messages.

The following figure shows how an email message passes through a network with Deep Discovery Email Inspector deployed in SPAN/TAP mode. The email message enters the network and routes through the switch or network tap. The switch or network tap sends the email message through the network to the recipient and sends a copy of the email message to Deep Discovery Email Inspector. Deep Discovery Email Inspector investigates and then discards the email message.

In a network topology containing multiple Deep Discovery Email Inspector appliances, Apex Central can aggregate log and suspicious objects data, generate reports, and update product components. Optionally single sign-on (SSO) through Apex Central to the management console of any registered Deep Discovery Email Inspector appliance.

The following figure shows how email messages pass through a network with multiple Deep Discovery Email Inspector appliances configured in MTA mode and registered to Apex Central. Each Deep Discovery Email Inspector appliance independently processes email messages as an MTA while management is centralized through Apex Central.

For details about configuring Apex Central settings, see Deep Discovery Email Inspector Administrator's Guide.