Before you enable the Email Proxy role and integrate it with Symantec Mobility: Suite, make sure that you understand how to deploy the proxy in your environment. The deployment model that is depicted below is based on Symantec's recommendations and should be followed as a best practice. All of the instructions for the Email Proxy role in this documentation are based on the following deployment model:
Figure: Typical Secure Email Proxy deployment
In the above graphic, the firewall is your first public-facing entry point. So you would specify the FQDN or IP address of your firewall in the Exchange ActiveSync Host field in the device policy and the ActiveSync host in Device Policy field in the cluster configuration. You would specify the incoming and outgoing NIC addresses when you install the email proxy. The entry point into your mail server environment is a load balancer. So you would specify the FQDN or IP address of this load balancer in the Server Address field when you configure the cluster.
Based on a typical deployment model, also consider the following:
If you have a firewall and/or a load balancer, install your secure proxy instance, with the email proxy role enabled, behind them in a DMZ.
You can stand up multiple proxies behind a load balancer. The load balancer is expected to handle failover. When you use a load balancer, the recommended setting is to round-robin with persistence.
Symantec recommends no more than one proxy instance per Exchange Client Access server (CAS).
You secure the transmission from the device to the proxy by uploading a certificate when you configure your cluster. You must provide the PCKS#12 certificate.