Personal Digital Assistant

View full version: How to Install spam mail appliance behind router ??



$ABU FAHAD$
19-02-2008, 16:15
My network has an Exchange server working behind a Cisco router. I am going to install a Barracuda device behind the router to filter spam emails (SMTP traffic).
I have 2 ACLs, one for the outbound traffic and the other for the inbound traffic,
as follows:
Exchange Public IP : 10.1.1.1
Exchange Private IP : 192.168.1.1

ACL_Outbound
permit udp host 10.1.1.1 any eq domain
permit tcp host 10.1.1.1 any eq smtp
permit tcp host 10.1.1.1 any eq www

ACL_Inbound
permit tcp any host 10.1.1.1 eq smtp
permit tcp any host 10.1.1.1 eq www
permit tcp any host 10.1.1.1 eq 443
permit tcp any host 10.1.1.1 eq pop3

NATing

ip nat inside source static 192.168.1.1 10.1.1.1

That is all, and it is working fine. Now my question: what do I have to modify in the above settings so I can keep Exchange (POP3 & OWA) and Barracuda (SMTP) working together ??
Note I am going to assign the Barracuda these IPs:
Private IP : 192.168.1.2
Public IP : 10.1.1.2

let me see the professionals here lolo:

$ABU FAHAD$
20-02-2008, 09:12
No answers till now, is it complicated ?!!!

$ABU FAHAD$
21-02-2008, 09:40
Dears,
Regarding the spam email configuration, this is the answer on how we have to do that:
First of all, we have to know that the goal of the spam firewall is to filter the SMTP traffic from any intruders and spam emails, and to allow that we have to forward all emails from the Exchange server to the Barracuda before the Exchange gets it. Usually this is done by assigning a public IP to the spam firewall, and on the ISP side you have to ask them to assign the MX record to your spam firewall public IP, so all SMTP emails will be forwarded to your spam firewall.

Now let us talk from the router side: what you have to do and how to control the spam firewall traffic. For me the best method is to create two ACLs, one for the outbound traffic and the other for the inbound traffic, as follows:

***** Inbound traffic *****
permit tcp any host FIREWALL_PUBLIC_IP eq 22 ( SSH Protocol )
permit tcp any host FIREWALL_PUBLIC_IP eq smtp
permit tcp any host FIREWALL_PUBLIC_IP eq www
permit tcp any host FIREWALL_PUBLIC_IP eq 443 ( HTTPS Protocol)
permit udp host ISP_DNS_SERVER_IP eq domain host FIREWALL_PUBLIC_IP
permit tcp any eq 22 host FIREWALL_PUBLIC_IP
permit tcp any host FIREWALL_PUBLIC_IP established

***** Outbound traffic *********
permit tcp host FIREWALL_PUBLIC_IP any established
permit tcp host FIREWALL_PUBLIC_IP any eq 8080
permit udp host FIREWALL_PUBLIC_IP host ISP_DNS_SERVER_IP eq domain
permit tcp host FIREWALL_PUBLIC_IP any eq 123 ( NTP Protocol )

That is all. Note that what I wrote is applicable to Barracuda products, which are very popular products in this field.

I hope we got useful information and my best wishes to all
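
Added example, not part of the original posts and not Cisco or Barracuda tooling: a small Python check that parses ACL entries in the form used in this thread and flags permit rules open to `any` that either expose a management port or match on the source port only. The `MGMT_PORTS` set and the function names are assumptions made for this illustration; the inbound ACL is copied from the post above with its placeholders kept.

```python
import re

# Named ports as they appear in the thread's ACLs.
PORTS = {"smtp": 25, "www": 80, "domain": 53, "pop3": 110}
MGMT_PORTS = {22, 23}  # assumption: ports treated as management access

def parse_addr(tok, i):
    """Read 'any' | 'host X' | 'X wildcard', then an optional 'eq P'."""
    n = 1 if tok[i] == "any" else 2
    addr = " ".join(tok[i:i + n]).removeprefix("host ")
    i += n
    port = None
    if tok[i:i + 1] == ["eq"]:
        port, i = PORTS.get(tok[i + 1]) or int(tok[i + 1]), i + 2
    return addr, port, i

def parse_rule(line):
    """Parse 'permit|deny proto src [eq p] dst [eq p] [established]'."""
    tok = re.sub(r"\(.*?\)", "", line).split()  # drop '( SSH Protocol )' notes
    src, sport, i = parse_addr(tok, 2)
    dst, dport, i = parse_addr(tok, i)
    return {"action": tok[0], "proto": tok[1], "src": src, "sport": sport,
            "dst": dst, "dport": dport, "established": "established" in tok[i:]}

def audit(lines):
    """Return (line, finding) pairs for permit-from-any entries worth review."""
    findings = []
    for line in lines:
        r = parse_rule(line)
        if r["action"] != "permit" or r["src"] != "any":
            continue
        if r["sport"] is not None and r["dport"] is None:
            findings.append((line, "source port match only, destination port unrestricted"))
        elif r["dport"] in MGMT_PORTS:
            findings.append((line, "management port open to any source"))
    return findings

# Inbound ACL as posted in the thread, placeholders kept.
INBOUND = """permit tcp any host FIREWALL_PUBLIC_IP eq 22 ( SSH Protocol )
permit tcp any host FIREWALL_PUBLIC_IP eq smtp
permit tcp any host FIREWALL_PUBLIC_IP eq www
permit tcp any host FIREWALL_PUBLIC_IP eq 443 ( HTTPS Protocol)
permit udp host ISP_DNS_SERVER_IP eq domain host FIREWALL_PUBLIC_IP
permit tcp any eq 22 host FIREWALL_PUBLIC_IP
permit tcp any host FIREWALL_PUBLIC_IP established""".splitlines()

if __name__ == "__main__":
    for line, why in audit(INBOUND):
        print(f"{why}: {line}")
```

Restricting the flagged entries to a known administration source address, instead of `any`, clears both findings.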