
External LDAP query through XG210

Hi there

 

***Sophos noob alert!

We've recently acquired an XG210 to replace our way below spec Untangle setup, so I'm learning as I go along.

***

Right, with the formalities out of the way, here is my problem:

We use Mimecast for archiving and spam filtering.

I'm trying to get Mimecast Directory Sync to work through the XG but I'm having a torrid time.

In Untangle it was quite simple:

 

I have followed the port-forwarding How-Tos and searched the forums but I can't get it to work.

I'm sure it's something small that I am missing or not understanding, but I'm a bit lost.

My XG is behind my ISP's router; they have confirmed a blanket port-forward pushing all ports to the XG.

I have tried a User/Network rule:

 

But this seems to pass no traffic through.

I have tried a Business Application rule:

With this active I see some traffic being passed by this rule, but when testing the connection from the Mimecast portal it still fails: 'unable to connect to directory service'.

It looks as though the Business Application rule is the correct option here, but it still won't allow the sync to occur.

If I go and look in my Log Viewer and filter for Source port 389 (LDAP) traffic, I see this:

 

 

What else do I need to look at to get this directory sync to work?

Like I said above, I'm pretty sure it's something small that I'm missing, but I've been chasing my tail with this for a week now and at some point one just has to stop and ask for help...

CCGC

  • Hi  

    Business Application rules are used for Port Forwarding or DNAT. Would you please enable Rewrite Source Address (Masquerading) and check?

  • Hi Jaydeep

    I enabled Masquerading but it did not seem to help.

    I did, however, notice that this rule does seem to be passing a load of traffic since it was enabled last week:

     

    Also, this weekend while I was actively not thinking about work, a question popped into my head regarding LDAP. I have already set up LDAP authentication between the XG210 and my AD controller for STAS, and this seems to be working. Might this LDAP setup be interfering with the Mimecast LDAP connection?

  • Hi  

    STAS works on entirely different ports than LDAP, so it would not interfere at all. If you have configured an Authentication server in XG, that is XG's own connection to the server every time it needs to authenticate a user, so it would not interfere in that case either.

    I suggest you trace the flow of packets going in and out of XG, which should help you identify the issue.

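As an added check for the situation described in this thread (example code written for this page, not Sophos, Mimecast or the poster's own), the probe below does at the wire level what a directory-sync "test connection" does: open TCP 389, send one LDAP simple bind (RFC 4511, hand-encoded in BER so only the standard library is needed), and report which layer failed. The host, DN and password are placeholders to replace; the BindResponse bytes at the bottom are constructed, not captured from a real server.

```python
"""Raw LDAP simple-bind probe for checking a DNAT/port-forward to port 389.

Added example for this thread, not Sophos, Mimecast or the poster's code.
Hand-encodes the LDAP BindRequest (RFC 4511) in BER; standard library only.
"""
import socket

LDAP_PORT = 389
# A few LDAPResult resultCode values (RFC 4511, Appendix A).
RESULT_CODES = {0: "success", 1: "operationsError", 7: "authMethodNotSupported",
                8: "strongerAuthRequired", 32: "noSuchObject",
                49: "invalidCredentials", 53: "unwillingToPerform"}


def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber(tag: int, payload: bytes) -> bytes:
    """One TLV element: tag, length, value."""
    return bytes([tag]) + ber_len(len(payload)) + payload


def ber_int(tag: int, value: int) -> bytes:
    """INTEGER/ENUMERATED in minimal two's-complement form."""
    return ber(tag, value.to_bytes((value.bit_length() + 8) // 8, "big", signed=True))


def bind_request(message_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple password } }."""
    bind = ber(0x60,                              # [APPLICATION 0] BindRequest
               ber_int(0x02, 3)                   # version INTEGER 3
               + ber(0x04, dn.encode())           # name LDAPDN
               + ber(0x80, password.encode()))    # authentication: simple [0]
    return ber(0x30, ber_int(0x02, message_id) + bind)   # outer SEQUENCE


def ber_read(buf: bytes, pos: int = 0):
    """Decode the TLV at pos; return (tag, value, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                              # long-form length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length


def interpret_reply(data: bytes) -> dict:
    """Classify whatever came back on the socket after the BindRequest."""
    if not data:
        return {"stage": "no_ldap", "detail": "TCP connected but peer closed without an LDAP reply"}
    try:
        tag, msg, _ = ber_read(data)
        if tag != 0x30:
            raise ValueError("not an LDAPMessage")
        _, mid, pos = ber_read(msg)                # messageID
        op_tag, op, _ = ber_read(msg, pos)
        if op_tag != 0x61:                        # [APPLICATION 1] BindResponse
            return {"stage": "ldap_other", "detail": f"protocolOp tag {op_tag:#x}"}
        _, code, pos = ber_read(op)               # resultCode ENUMERATED
        _, matched, pos = ber_read(op, pos)       # matchedDN
        _, err, _ = ber_read(op, pos)             # diagnosticMessage
    except (ValueError, IndexError):
        return {"stage": "no_ldap", "detail": "reply is not BER/LDAP (wrong service behind the forward?)"}
    rc = int.from_bytes(code, "big", signed=True)
    return {"stage": "ldap_reply", "message_id": int.from_bytes(mid, "big", signed=True),
            "result_code": rc, "result": RESULT_CODES.get(rc, "other"),
            "matched_dn": matched.decode(errors="replace"),
            "error": err.decode(errors="replace")}


def probe(host: str, port: int = LDAP_PORT, dn: str = "", password: str = "",
          timeout: float = 5.0) -> dict:
    """Connect, send one simple bind, and say which layer failed (if any)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            s.sendall(bind_request(1, dn, password))
            data = s.recv(4096)
    except socket.timeout:
        return {"stage": "tcp_timeout",
                "detail": "no SYN/ACK or no reply: rule not matching, upstream forward, or return path"}
    except ConnectionRefusedError:
        return {"stage": "tcp_refused", "detail": "RST came back: something answered, but not LDAP"}
    except OSError as exc:
        return {"stage": "tcp_error", "detail": str(exc)}
    return interpret_reply(data)


# Constructed sample: BindResponse, messageID 1, resultCode 49 (invalidCredentials).
SAMPLE_BIND_RESPONSE = bytes.fromhex("3018 020101 6113 0a0131 0400 040c") + b"sample error"

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "ldap.example.invalid"   # placeholder host
    print(probe(target))
```

Run it from outside the LAN (the DNAT rule only sees traffic arriving on the WAN interface), so the result maps onto the symptoms in the thread: `tcp_timeout` while the rule shows hits in the log is the classic sign that the SYN is forwarded but the AD server's reply never comes back through the XG, which is what enabling source-address rewriting (masquerading) fixes when the server's default gateway is not the XG; `tcp_refused` or `no_ldap` means the forward lands on a host or port that is not running LDAP; and any `ldap_reply`, even resultCode 49, proves the path works and moves the problem to the bind credentials. Because a simple bind on 389 sends the password in the clear, restrict the rule's source to the sync service's documented addresses and prefer LDAPS on 636 once the plain path is confirmed.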
