Disable Server Response Inspection for our SMTP server?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Disable Server Response Inspection for our SMTP server?

L0 Member

We are having horrible delays with email taking up to 30 minutes to be delivered. Our email servers send mail to a 3rd party email security provider. So, I disabled DSRI from our SMTP server to their SMTP server. Email speed was back to being delivered in seconds. I wanted to have someone else confirm that my thinking is correct on this that it was the right thing to disable?

2 accepted solutions

Accepted Solutions

L7 Applicator

Hello,

Yes, it will not have any negative impact, but it will speed up the performancee. Typically DSRI is used in environments where internal servers are trusted and protected by the firewall. In these cases, content inspection can be configured for only client to server (internet users to internal servers) traffic using the DSRI option. By doing this, the Server to Client flow (internal servers to internet clients) is skipped after sufficient data has been inspected by the firewall.


Thanks

View solution in original post

L6 Presenter

Hi Abrrymn,

Following document should be helpful.

Improving Performance of HTTP with DSRI

Regards,

Hardik Shah

View solution in original post

4 REPLIES 4

L7 Applicator

Hello,

Yes, it will not have any negative impact, but it will speed up the performancee. Typically DSRI is used in environments where internal servers are trusted and protected by the firewall. In these cases, content inspection can be configured for only client to server (internet users to internal servers) traffic using the DSRI option. By doing this, the Server to Client flow (internal servers to internet clients) is skipped after sufficient data has been inspected by the firewall.


Thanks

L6 Presenter

Hi Abrrymn,

Following document should be helpful.

Improving Performance of HTTP with DSRI

Regards,

Hardik Shah

Can DSRI be enabled for any thing any rule or is this only helpful in case of HTTP requests.

The rule of thumb is DSRI should only be used for internal traffic, and not for Internet based traffic.

 

It is OK to have an Internet user check their mail (in your DMZ) and have DSRI on the DMZ (because DMZ is hardened OS, etc)

But is it really not permittable to have DSRI out to Internet (to speed up) because of potential malware, vuln, spyware, 0 day, etc.

 

Does this help answer your question?

Help the community: Like helpful comments and mark solutions
  • 2 accepted solutions
  • 6816 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!