This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Working with different domains

I own 4 domains and a local (privat) one.

- domain1.com
- domain1.net
- domain2.com
- domain3.com
- domain3.local (internal network with DNS, DHCP and AD [STAS])

- mail.domain1.com (internet)
- mail.domain3.com (local no access to internet yet - collecting mails from 3 privates mail accounts as gmx, gmail)
- mail.domain2.com

Working with XG135 newest V18.x, RED15, APX320, AP15, AP55C (Still a XG Firewall Home with newest V17.x not connected to the local network)

1. I want all these domain linked over the firewall (master in the web, development local)

2. All certificate based working would love with a SSO just from my local network

2a. Have problem with connecting e.g. with gmail due to smtps checking (certificate problem Outlook-FW-GMAIL)

3. Transfer of the mail over my firewall for local and internet based mail server.

Does someone have dedicated knowledge posts, examples, documents or helpfully entries in the community?

Thanks

Wolfgang

This thread was automatically locked due to age.

Parents

0 FormerMember over 5 years ago

Hi Wolfgang Ritter2

Thank you for reaching out to the Community!

I would request you to provide more information to understand your requirements.

That would be great if you could provide use case of your requirements/questions.

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel
0 Wolfgang Ritter2 over 5 years ago in reply to FormerMember

Hi H_Patel

I know it is a lot for one question, I just want to break it down in a few points and I will attach my network structure and a few drawings.

Just let's start with the mail/mail-server.

a.) I have 4 or 5 hosted mail servers includes also GMX, GMAIL

b.) One mail server is hosted local but act just as a pull server for GMX

c.) I use Outlook as mail client

1.) With the firewll rule to check all SMTP/S, IMAP/S traffic is outlook by a few mail server stressed. It seems to be a problem with the certificate. As example by gmail is the communication not consistent. Outlook is awaiting a gmail certificate but get an sophos certificate. What can I do for this issue.

2.) E.g. by domain1.com the mailserver is hosted but the spamfilter is not really good. I want to use XG135 as spam filter. What kind of solution is possible. At 17.x was a discussion to rechange the MX record and to point it the firewall. I didn't try it, because i had to work with a ddns and i was for me to many possible points of error.

3.) Could i work with a Let'scrypt certificate on XG, which is the link from local and also a kind of partner to my hosted mail-server. How ever this could work.

I would be happy if could get links or community post where are descriptions and solutions of these problems. Please don't forget, i working with the newest Version 18.x.

Thanks
Wolfgang

The WEB Hosting part is following after the mail questions.
Cancel
Vote Up 0 Vote Down

Cancel
0 FormerMember over 5 years ago in reply to Wolfgang Ritter2

Hi Wolfgang Ritter

First of all, could you please tell us if you have an email protection configured on the firewall? Is it in MTA mode? If it is not configured and you still have that auto-added SMTP/SMTPS rule on top, it will break the email traffic. You are getting certificate warning probably because of that rule or you have web filtering configured with HTTPS scanning.

If you would like to configure spam filtering on XG firewall, please consider MTA mode: http://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/nsg/sfos/concepts/EmailPoliciesExceptionsMTA.html

Let's encrypt feature request: https://community.sophos.com/products/xg-firewall/f/network-and-routing/108931/letsencrypt-how-to-in-xg#pi2151=2

Community Post about using LE certificate on XG: https://community.sophos.com/products/xg-firewall/f/network-and-routing/108931/letsencrypt-how-to-in-xg#pi2151=2

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 FormerMember over 5 years ago in reply to Wolfgang Ritter2

Hi Wolfgang Ritter

First of all, could you please tell us if you have an email protection configured on the firewall? Is it in MTA mode? If it is not configured and you still have that auto-added SMTP/SMTPS rule on top, it will break the email traffic. You are getting certificate warning probably because of that rule or you have web filtering configured with HTTPS scanning.

If you would like to configure spam filtering on XG firewall, please consider MTA mode: http://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/nsg/sfos/concepts/EmailPoliciesExceptionsMTA.html

Let's encrypt feature request: https://community.sophos.com/products/xg-firewall/f/network-and-routing/108931/letsencrypt-how-to-in-xg#pi2151=2

Community Post about using LE certificate on XG: https://community.sophos.com/products/xg-firewall/f/network-and-routing/108931/letsencrypt-how-to-in-xg#pi2151=2

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Wolfgang Ritter2 over 5 years ago in reply to FormerMember

Hi H_Patel

I have no specific email protection activated. The mode is the standard MTA.

The only part which is activated is the HTTPS and the SMTPS filtering. From what i understood is the SMTPS filtering part some kind of rule, which decrypt the datastream and which crypts afterwards the stream again, but with the sophos certificate.

For my point of view outlook can't check against original mail server and deliver me an message about a non successfull test of the certificate.

Thanks

Wolfgang
Cancel
Vote Up 0 Vote Down

Cancel
0 FormerMember over 5 years ago in reply to Wolfgang Ritter2

Hi Wolfgang Ritter2

Auto-created SMTP/SMTPS rule will break the email traffic if email protection is not configured. I would request you to disable it or configure email protection to protect your email server and import your server certificate on XG to avoid these certificate warnings.

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel