
On Prem Exchange Migration to Office 365 Questions

Hi Guys,

We're looking at moving from an On Prem Exchange 2016 Server (behind an SG230 doing all our SPAM filtering) to Office 365. I'm across the setup of Exchange 365 and already have the Domain Sync set up and working fine, and I'm about to reconfigure the On Prem Exch 2016 server to Hybrid.

Just looking for a guide/primer on what I need to do/change on the UTM so that ALL external Mail goes to Office 365, and the UTM allows that mail traffic back down to our Outlook clients, plus our On Prem Exch talks to our Office 365 setup. Any advice or tips are always appreciated ;)

Cheers



  • Hey, Dread.

    AFAIK, you cannot have a third-party filter (like UTM Mail Protection) between your OnPrem Exchange Server and Office 365 in a hybrid setup. It would break your mail flow from Office 365 to any mailboxes that still reside on your OnPrem Exchange Server. If you are setting Office 365 as your MX (which you should), that would prevent any messages from reaching mailboxes still OnPrem. The way to prevent this is to DNAT ports 25 and 587 to your Exchange Server. You could create a DNAT rule forwarding ports 25 and 587 only when originating from Office 365 hosts to minimize your Exchange Server exposure.

    For the other way around, as long as you are not using the transparent mail proxy and your Exchange Server is allowed to access ports 25 and 587 on the outside world, it should just work, as the hybrid setup wizard creates a smart host on your Exchange Server that will bypass your default send connector for inter-domain communication, meaning any messages sent from OnPrem mailboxes to mailboxes that were moved to Office 365 will flow through the internet and not Sophos UTM.

    Now, for general outbound messages (non inter-domain), by default OnPrem mailboxes will still deliver them using your default send connector, meaning through Sophos. I don't think there's a way for ALL external mail to go through Office 365 without moving all mailboxes to the cloud.

    Regards,

    Giovani
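The DNAT rule described in the reply above is only as tight as its source-network definition. The following is an added example (not code from the thread or from Sophos/Microsoft) that shows how that definition would be derived: it parses a feed in the shape of the Microsoft 365 endpoints service (serviceArea / ips / tcpPorts), keeps only the Exchange Online entries that carry TCP 25, and then simulates the UTM rule's decision for candidate source IPs and ports. The feed contents, the `exchange_smtp_ranges` / `dnat_decision` helper names and the RFC 5737 documentation ranges are all constructed for illustration; real Microsoft ranges must be taken from the published feed, and the ports mirror the 25/587 pair suggested in the post.

```python
"""Derive the Office 365 source restriction for a UTM DNAT rule and simulate it.

Added example for the hybrid mail-flow discussion; not from the original thread.
The feed below is CONSTRUCTED in the shape of the worldwide endpoints service
(id / serviceArea / ips / tcpPorts / category / required) but uses RFC 5737 and
RFC 3849 documentation ranges, NOT real Microsoft address ranges.
"""
import ipaddress
import json

# Constructed sample feed: two Exchange entries with SMTP, one Exchange entry
# without SMTP (web traffic only), one non-Exchange entry.
SAMPLE_FEED = json.dumps([
    {"id": 1, "serviceArea": "Exchange", "ips": ["192.0.2.0/24", "2001:db8:1::/48"],
     "tcpPorts": "25", "category": "Allow", "required": True},
    {"id": 2, "serviceArea": "Exchange", "ips": ["198.51.100.0/25"],
     "tcpPorts": "80,443", "category": "Allow", "required": True},
    {"id": 3, "serviceArea": "Exchange", "ips": ["198.51.100.128/25", "192.0.2.0/24"],
     "tcpPorts": "25,443", "category": "Allow", "required": True},
    {"id": 4, "serviceArea": "SharePoint", "ips": ["203.0.113.0/24"],
     "tcpPorts": "80,443", "category": "Optimize", "required": True},
])

# Ports the post's DNAT rule forwards to the on-prem Exchange server.
FORWARDED_PORTS = (25, 587)


def exchange_smtp_ranges(feed_json):
    """Return the deduplicated networks of Exchange Online entries that include TCP 25.

    Only these ranges belong in the UTM network definition used as the DNAT
    rule's source; Exchange entries that carry only 80/443 (EWS, Autodiscover)
    and other service areas are deliberately left out.
    """
    nets = []
    for entry in json.loads(feed_json):
        if entry.get("serviceArea") != "Exchange":
            continue
        ports = {p.strip() for p in entry.get("tcpPorts", "").split(",") if p.strip()}
        if "25" not in ports:
            continue
        for cidr in entry.get("ips", []):
            net = ipaddress.ip_network(cidr, strict=False)
            if net not in nets:          # the real feed repeats ranges across entries
                nets.append(net)
    return nets


def as_cidr_strings(nets):
    """Render the networks as the CIDR strings you would paste into the UTM definition."""
    return [str(n) for n in nets]


def source_allowed(src_ip, nets):
    """True if src_ip falls inside one of the allowed Exchange Online ranges."""
    ip = ipaddress.ip_address(src_ip)
    return any(ip in n for n in nets)


def dnat_decision(src_ip, dst_port, nets, ports=FORWARDED_PORTS):
    """Simulate the DNAT rule: forward to Exchange only for allowed ports AND sources.

    Everything else is 'drop', i.e. the connection never reaches the Exchange
    server, which is the exposure reduction the post is after.
    """
    if dst_port not in ports:
        return "drop"
    return "dnat-to-exchange" if source_allowed(src_ip, nets) else "drop"


if __name__ == "__main__":
    allowed = exchange_smtp_ranges(SAMPLE_FEED)
    print("source networks for the DNAT rule:", as_cidr_strings(allowed))
    for src, port in [("192.0.2.10", 25), ("198.51.100.5", 25),
                      ("198.51.100.200", 587), ("203.0.113.7", 25), ("192.0.2.10", 443)]:
        print(f"{src}:{port} -> {dnat_decision(src, port, allowed)}")
```

Note that the rule only stops unsolicited hosts from reaching the on-prem server; mail from Office 365 to on-prem mailboxes still bypasses UTM Mail Protection entirely, so the spam filtering for those mailboxes has to be done by Exchange Online Protection, not by the UTM.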

  • Cheers Giovani,

    I suspected it would simply be a matter of re-directing the MX records as per Office 365's guidelines so that all external mail would flow to it first but I wanted to see if there were any quirks I needed to be aware of with the UTM in the middle of it all and currently having the Mail/SPAM role running ;)

    I'll have a play with it over the weekend and see how we go and report back if there are any issues ;)

    David

  • Well, you mentioned a hybrid setup, so I assume you'll make the move to the cloud in batches and, at least for some time, you'll have mailboxes on premises and in the cloud. For this scenario you cannot have anything between your Exchange Server and Office 365, as this will break mail flow from cloud to OnPrem, rendering your on-premises mailboxes useless. Now, if you move all the mailboxes to the cloud in a single sweep, you might be able to get everything working by simply moving your MX to Office 365. When everything is in the cloud you'll only do management from your OnPrem servers, so it really doesn't matter whether your mail flow cloud -> onprem works or not.

    Regards,

    Giovani