Kerio Mail on private and public segment
  •  
eramic

Hello,

I need some advice from good people. In my company I have KMS and KWF with 120 licences. KWF is the main proxy for the company, with the external segment connected to a public IP address (to an ADSL modem), and the internet segment belongs to our private scope.
KMS is only connected with a public IP address with a different provider (different ADSL modem). I have Active Directory (DNS, DHCP etc.).
For years we have had this configuration, but now I have reached 120 mailboxes and mail performs a little bit slow (Win2003 SP2, 2Gb, 3Ghz, 500Gb HDD SATA2). I suspect that mail is slow because people are reading email from inside through the proxy and then coming from outside to our email. Basically, is there any way I can set up KMS to use both the internal (private) and external (public) segment? What is the easiest way? Maybe to add another NIC on the email server and hook it up to the internal segment?

Any advice?

Kind regards,
  •  
My IT Indy

You could add a second NIC and put that onto the first DSL's LAN, then set up DNS for that other address.

-
My IT Indy
Kerio Certified Reseller and Hosted Provider
http://www.myitindy.com
  •  
eramic

Thank you for the answer, but can you be more precise, please? After I add a second NIC on the email server, I need to assign a private IP address and internal DNS (from our Active Directory). After that, do I need to add any kind of record in internal DNS to be sure that internal clients really use internal communication with the email server, not "internet"?
Please be precise :)

Kind regards.

  •  
sedell

I see two problems that will affect performance. The first is the HDD. KMS performance is greatly affected by the speed of the disk. If you run perfmon and watch the disk counters, you'll probably see things like large disk queue times, etc. Increasing to a faster disk subsystem should offer a noticeable performance increase.

The second issue seems to be your network setup, which it looks like you're aware of. I can't say about KWF, since we have a different firewall, but the concept should be the same.

Our mail server has a private IP address, and that's it. We then have a static NAT entry set up at the firewall to assign one of our public addresses to the mail server. Then, I duplicated our mail server A record on our local DNS servers to get the network machines going right to the mail server over the LAN. So, if your public record is mail.somedomain.com pointing to your public IP, create a mail.somedomain.com pointing to your local IP on your internal DNS servers. This is also necessary with NAT for laptops so they can access the mail server from inside or outside of the network using the same DNS name (don't need to change profile or settings when switching from inside to outside).

Scott
  •  
eramic

Hmmm, interesting, but since my KWF is on a different provider (on one segment) and on the private segment on the other side, I think I cannot map an internal address, or not? I am not worried too much about HDD performance, I just wanna be sure that LAN users really access through the LAN.
(I forgot to say there is an IIS web site too on the same server that needs to be available both from outside and inside.)

Should I go with two NICs on KMS, or ???
  •  
sedell

You should be able to connect from segment to segment, no? Is each segment totally separated from each other, and only connected via ADSL through KWF?

Scott
  •  
eramic

Yes, they are on different segments and the only connection is KWF, which in this case means internet from another provider. My question is how to interconnect them, the fastest and easiest way.
  •  
sedell

So you have two LANs on your WAN, and you want to merge the LANs, or interconnect them bypassing the WAN? There's a lot more to consider than the information you gave so far. It's also beyond the scope of this forum. You'd get better answers in a forum or newsgroup dedicated to networking.

Scott
  •  
eramic

No, I have one LAN and two WANs: the proxy on the first WAN (with another card connected to the LAN), and the second is on the other WAN directly. Can I somehow put, for example, another NIC in the email server and connect it to the internal switch with an internal scope address and internal DNS?

  •  
freakinvibe

Putting a second NIC in the KMS server and giving it a private address could be a security risk. You are bypassing your KWF firewall in that way. Someone from the Internet could try to access your LAN through the KMS server.

What you could do: Add a second NIC to KMS, give it a DMZ IP address (different local address range) and connect it to KWF. Add the appropriate routing information to KMS and put the new IP address in your AD DNS. Also check the firewall rules so they let the mail traffic through.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
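
Added example, not part of the thread: a small Python check for the two points raised above, namely that the internal DNS view sedell describes really returns the LAN (or DMZ) address for the mail name, and that the mail server is not dual-homed in the way freakinvibe warns about. The function names and all addresses (192.168.1.0/24 as the LAN, 172.16.50.0/24 as a DMZ, 203.0.113.25 as the public address) are constructed assumptions.

```python
import ipaddress
import socket

# RFC 1918 ranges. ipaddress' is_private is avoided on purpose: it also
# matches documentation ranges such as 203.0.113.0/24.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)

def system_resolver(hostname):
    """Resolve through the OS resolver, i.e. the DNS view this client uses."""
    infos = socket.getaddrinfo(hostname, 25, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def check_internal_view(hostname, expected_net, resolver=system_resolver):
    """Return (ok, addresses); ok only if every answer lies in expected_net."""
    net = ipaddress.ip_network(expected_net)
    addrs = resolver(hostname)
    ok = bool(addrs) and all(ipaddress.ip_address(a) in net for a in addrs)
    return ok, addrs

def bypasses_firewall(interface_addrs, lan_net):
    """True if the host has one NIC directly on the protected LAN and another
    on a public address, so traffic can reach the LAN without the firewall."""
    lan = ipaddress.ip_network(lan_net)
    ips = [ipaddress.ip_address(a) for a in interface_addrs]
    on_lan = any(ip in lan for ip in ips)
    on_public = any(not (ip.is_loopback or ip.is_link_local or is_rfc1918(str(ip)))
                    for ip in ips)
    return on_lan and on_public

if __name__ == "__main__":
    LAN = "192.168.1.0/24"                       # constructed LAN range
    inside = lambda host: ["192.168.1.10"]       # constructed internal DNS answer
    outside = lambda host: ["203.0.113.25"]      # constructed public DNS answer
    print(check_internal_view("mail.somedomain.com", LAN, inside))
    print(check_internal_view("mail.somedomain.com", LAN, outside))
    # Second NIC on the LAN next to the public NIC: flagged.
    print(bypasses_firewall(["203.0.113.25", "192.168.1.10"], LAN))
    # Second NIC in a DMZ range behind the firewall: not flagged.
    print(bypasses_firewall(["203.0.113.25", "172.16.50.10"], LAN))
```

Run from a LAN client without the `resolver` argument, `check_internal_view` uses the client's real DNS settings, so a public address in the result means the internal A record is missing or not being used.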
  •  
RHarmsen.nl

I am not completely sure how your network is set up.

Could you provide a diagram of this in order to better understand what you have?