CA Gateway Security must communicate through the firewalls deployed on your network. The perimeter firewall typically performs a static Network Address Translation (NAT) that associates the CA Gateway Security private address with a live Internet IP address. Depending on the DNS MX method that you use, the firewall administrator may need to move the static NAT from the corporate mail system to CA Gateway Security.
You must also allow some TCP ports through the firewall to enable communication between clients to CA Gateway Security and between CA Gateway Security and its components.
Lock down these ports to the specific machines that need them. Configure firewall rules for egress filtering to prevent internal users from bypassing CA Gateway Security scanning.