Tuesday, February 12, 2013 12:24 AM
We currently run Forefront Protection 2010 for Exchange (FPE) and the subscription will end later this year. I'm not clear what my choices are for moving to FOPE since MS is discontinuing FPE.
In the configuration of FPE, I can use the FPE Administrator Console to enable FOPE which requires that I register a FOPE account and install a FOPE gateway. The MX record would point to the FOPE gateway server. Is this the method to move to FOPE, or are we supposed to abandon our FPE installation and its support for FOPE using its own gateway?
If so, are there any white papers how to migrate from FPE to FOPE? My impression is that we would keep our FPE service in place and uninstall it once the FOPE service is operational.
- Edited by rosenstc Tuesday, February 12, 2013 12:26 AM typo
Tuesday, February 12, 2013 6:39 AM
FOPE is a cloud service like a smtp relay which does antispam and antimalware. You have to change your MX record to point to mail.messaging.microsoft.com so that all inbound email goes over FOPE. After FOPE has processed and the message is save the incoming email it is forwarded to your Exchange server.
FOPE can coexist with your local FPE installation there is no need to uninstall it from your Exchange server. You can configure in FPE that emails that have already scanned by FOPE should not be scanned again by FPE to save resources. If you want to remove FPE from your local Exchange server you can export your filter lists to txt files and import them into FOPE.
Check the FOPE Technet library for documentation:
If you have any further questions feel free to ask.
Christian Groebner MVP Forefront
Tuesday, February 12, 2013 4:40 PM
Thank you for your response, this is very good information. I just want to clarify a few things you mentioned:
Since we have an on-premise Exchange 2010 email environment, we can choose to keep our current FPE and enable it for FOPE to scan both incoming and outgoing email. Or, we can choose not to use our local installation of FPE at all. I presume the only advantage to keeping FPE installed is that we would keep all of our filter settings and make changes locally rather than through http://admin.messaging.microsoft.com? Also, the on-line help for our FPE indicates that in order to enable FOPE, we need to install a FOPE gateway to which our MX record is pointed. Now, it seems that this information is no longer valid as we would point our MX record to mail.messaging.microsoft.com instead?
Thanks again... Chris
Tuesday, February 12, 2013 6:43 PM
when you keep your local installation of FPE you can select that inbound emails already scanned by FOPE won't be scanned again by FPE. (http://technet.microsoft.com/en-us/library/ee358903.aspx). This saves you some ressources on your Exchange server.
The configured filters like keyword or file filters you have in FPE will work and you can configure them locally. There is a way to use the FOPE gateway to push the configured filters to FOPE. I've tried this many times but I never got it to work. But it shouldn't be a big thing to export the filters into txt files and import them into FOPE.
The FOPE gateway enables you to push configured filters from FPE into FOPE and allows you to manage the FOPE quarantine from the FPE console. But as I already said I've never got this working. It has noting to do with your MX record and the FOPE gateway is an option component.
For FOPE to work right you have to set your MX record to mail.messaging.microsoft.com and that's all.
Christian Groebner MVP Forefront
- Marked As Answer by rosenstc Tuesday, February 12, 2013 7:13 PM
Tuesday, February 12, 2013 7:17 PM
Thank you, I have transition plan now... I'll keep FPE running (not scan emails already scanned by FOPE) and remove FPE once I have FOPE fully operational and the filters exported. I don't see a compelling reason to use the FPE admin console vs. the FOPE admin console.