Transitioning to Forefront Online Protection for Exchange (FOPE) (Part 2)

by [Published on 6 June 2013 / Last Updated on 22 Aug. 2013]

In this second article of our series, we are going over the process to configure our organization to send outbound messages and how we can use the reporting capabilities of the solution.

Managing Outbound traffic

The benefit of using FOPE for the outbound traffic is that you can guarantee that only your servers are sending messages to the Internet and if there is any infected machine on your network with relay permissions or an internal client sending viruses to the Internet, that traffic will be blocked by FOPE.

In order to configure the outbound traffic through FOPE the following key points should be considered:

  • Set your firewall to allow only Exchange Servers to send messages to the Internet/FOPE (this step can be applied at the end of your transition)
  • Configure your SPF record with all your Exchange Servers that can send messages
  • Make sure that the Public IPs used by your Exchange Servers are not blacklisted
  • Make sure that you know all Public IPs being used by your Exchange Server

The first step to migrate the outbound traffic to FOPE is to change your SPF record. If you don’t have one, I suggest you create it. The string include:spf.messaging.microsoft.com should be added to your current/new SPF record. If you are not sure or want to double check, you can always use the Microsoft SPF record wizard and add spf.messaging.microsoft.com in the Outsourced Domains section (Figure 01). The result of this wizard will be the final string that you will use in your public domain.

Figure 01

The second step for the outbound process is to configure our on-premises side to use the FOPE services; you can change your existing Send connector or create a new one. In the Network tab (Figure 02), change it to Route mail through the following smart hosts and add mail.messaging.microsoft.com.

Figure 02

After changing the Send connector, you will notice that your Queue Viewer, which usually has tons of queues, is reduced to a few queues: mostly internal ones (including queues for other sites, in case you have multiple sites) and a single queue for all our external recipients, which is going to be mail.messaging.microsoft.com as we configured it in the previous step (Figure 03).

Figure 03

On the FOPE side, we need to perform a simple change, which is to authorize the Public IPs that will be connecting to FOPE to send messages. You can add the outbound Public IP addresses that will connect with Microsoft at Company or Domain level; it is up to you. At Domain level you have more flexibility to allow specific servers per domain, while at Company level you have a global view of all servers that connect to FOPE to relay messages to the Internet.

In this article let’s use Company level. Log on to the FOPE Admin Console, click the Administration tab, and then click Add in the Outbound Mail Server IP Addresses section. On the new page that is displayed, add one Public IP per line, as shown in Figure 04.

Note:
Microsoft uses IP address 192.168.0.1 as an example, which is a local IP, and it may give you the wrong idea about which IP should be added here. Please make sure that you are adding the Public IP being used by your Exchange Server; if you are not sure, ask your firewall administrator.

Figure 04
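Before publishing the SPF change and filling in the Outbound Mail Server IP Addresses list, both can be checked offline. The script below is an added example, not part of the original article or of any Microsoft tooling; the function names are hypothetical and the sample addresses are constructed from documentation ranges standing in for real public IPs.

```python
import ipaddress

FOPE_INCLUDE = "spf.messaging.microsoft.com"  # include target named in the article
# Ranges that can never be the address FOPE sees (RFC 1918, loopback, link-local).
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "127.0.0.0/8", "169.254.0.0/16")]

def parse_spf(record):
    """Split an SPF TXT string into (qualifier, mechanism, value) tuples."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record (missing v=spf1)")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"                       # default qualifier is "pass"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")  # first ':' only, so ip6 values survive
        parsed.append((qualifier, name.lower(), value))
    return parsed

def review_outbound_setup(spf_record, outbound_ips):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    mechs = parse_spf(spf_record)
    includes = {v.lower().rstrip(".") for q, n, v in mechs
                if q == "+" and n == "include"}
    if FOPE_INCLUDE not in includes:
        findings.append("SPF record lacks include:" + FOPE_INCLUDE)
    listed = [ipaddress.ip_network(v, strict=False)
              for q, n, v in mechs if q == "+" and n in ("ip4", "ip6")]
    for raw in outbound_ips:
        ip = ipaddress.ip_address(raw)
        if any(ip in net for net in NON_PUBLIC):
            findings.append(raw + " is a local address, not the public IP FOPE will see")
        elif not any(ip in net for net in listed):
            findings.append(raw + " is not covered by an ip4/ip6 mechanism in the SPF record")
    return findings

if __name__ == "__main__":
    # Constructed sample: documentation-range addresses stand in for real public IPs.
    sample_spf = "v=spf1 ip4:203.0.113.10 include:spf.messaging.microsoft.com -all"
    for finding in review_outbound_setup(sample_spf, ["203.0.113.10", "192.168.0.1"]):
        print(finding)
```

Pass the SPF string produced by the wizard and the same IP list you intend to paste into the FOPE console; any finding points at an address or include that still needs fixing.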

Managing FOPE Reports…

If you have to create reports with graphs for upper management, you will be pleased to know that FOPE has a lot of them built in. Those reports are not just pretty, though; they are also a really good starting point for troubleshooting. To manage reports, click the Reports tab on the main page. Here is a list of all available reports:

  • E-mail Traffic report
    • Inbound delivery
    • Spam
    • Inbound virus
    • Inbound policy filtering
    • Outbound delivery
    • Outbound suspicious
    • Outbound virus
    • Outbound policy filtering
  • Top Viruses report
  • Deferral report
  • Top Users report

All reports can be exported to several formats (XML, PDF, CSV, Excel, Web Archive and TIFF are available); the administrator also has the ability to create scheduled reports to be delivered to their mailbox automatically.

Since we mentioned troubleshooting, we can start working with the reports by creating a deferral report, which shows whether messages are being delivered properly. In a healthy environment this report should always show zero; however, in some cases we can find an issue like the one below where, in a single day, 3 (three) messages were deferred, as shown in Figure 05.

Figure 05

If we go to the left side of the report, expand the day when it happened and click the provided link, the result will be a new page with a brief explanation (Figure 06). You can always open a ticket with Microsoft if you have any questions.

Figure 06

The Inbound Traffic Report (Figure 07) provides a great level of detail and is divided into two sections, by count and by volume, both supported by graphs. We can expand each day listed in the summary table, and a list containing all numbers for that day will be displayed, with a summary at the bottom. We can go deeper and expand any given day to get to links with the numbers per virus, filter, etc. If we click these items, we can see valuable information about those numbers in a new page.

Figure 07

In Figure 08, we expanded the day where we noticed a high number of viruses, and in the per-hour list for that day we clicked the hour that had 3 (three) virus incidents. Just by doing that we can understand what is going on at a single glance: the information provided includes the virus, attachment name, sender and recipient of each blocked message.

Figure 08

One last hint about reporting is the main page. If you glance at the left side of the page we have all the information about the current organization where the administrator can choose the summary based on the last 30, 90, 180 or 365 days. The summary views available are Delivery count, Spam Count, Policy Count, and Virus count (Figure 09).

If you look at the right side of the same screen, you will have the FOPE network report where you can compare your environment with the global numbers.

Figure 09

Conclusion

In this second article of our series we covered the basics of outbound SMTP and the FOPE reporting capabilities. At this point we understand how to use FOPE to send and receive messages; however, we are going to improve the solution in our next article by starting to synchronize our Active Directory information with FOPE.
