
XG Newbie and Firewall Rule Problems

Hi friends,

I will switch from UTM to XG and I have been using XG for 4 weeks.

Incoming traffic to root over WAF works perfectly.

When I configure the WAF with hosted server = WAN and port 443, use the domain from my DNS provider, and put my internal web server under protected server, the configuration works perfectly and my website is reachable externally.

If I configure a WAF for another port, for example Confluence port 8090, the web page is not available.

When I configure SMTP port 25 from the external WAN port as a direct link to my mail server, it is not available.

I just can not find my mistake why my rules do not work.

Example:

Above you see my SMTP firewall rules.

In the Source (Quelle), you see my WAN config. In the Destination (Ziel), you see my LAN area and the hostname of my mail server.

WHAT: I've configured an SMTP(S) rule, which includes ports 25 and 587.

Unfortunately, the rule does not work that way. But why?

I would be glad of any help; it will not work.

 

Sorry for my bad English.

Best regards,

 

Tobias



  • Most likely your DNAT Rule is not correct.

    It is like UTM DNAT.

    Source Destination Forward_To

     

    So basically you have to put WAN into Source. 

    Destination would be your WAN Interface / IP on WAN. 

    And Forward to will be your Mail Server.

     

    If you use a Scanning Policy, you should think about the MTA Mode. 

    It is like the UTM MTA Mode.

    https://community.sophos.com/kb/en-us/125596

    So basically XG will act as an MTA and forward the mail after checking it to your mail server.

  • Hi LuCar,

    I had thought that it will work but it does not work.

    I tried it again today.

    I have configured WAN under Source Zones and ALL under Allowed client networks.

    Destination host / network = WAN Port.

    Service SMTP

    Protected Server = Hostname from Mailserver

    Protected Zone = LAN Area

    It does not want to work with the configuration.

  • Hi Tobias,

    your DNAT Rule should look like this:

     

    Source Zone: WAN
    Source Networks: Any

    Destination Network: Your WAN Interface

    Protected Server: Your SMTP-Server (In my example I chose Telefonanlage :D)
    Protected Zone: LAN

     

    If you do have E-Mail Protection licensed, you should consider using the SMTP MTA, which you can find at E-Mail Protection.
    That would give you some Spam Filtering Options and more protection.
