Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 11 replies
  • Subscribers 28 subscribers
  • Views 1332 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG in MTA mode and 3 WAN-Interfaces ... unable to select the correct outbound interface

dirkkotte

Hi,

configured XG 18.0.4 in MTA mode to send outgoing mail using a single interface.

But XG use another interface ...

i have 3 Gateways ... SMTP should use GW_WAN


Some hints where the error could be?

Thanks,

Dirk



This thread was automatically locked due to age.
  • 0

    Which Interface does the XG use? 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    DSL1


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • 0 in reply to dirkkotte

    It uses the IP and the Interface or only the IP and the correct Interface? 

    Because you need NAT and SD-WAN PBR. 

    Maybe you need a Firewall Rule. Check if there is a MTA Rule. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    It use the incorrect interface.

    i have the firewall-rules (and they matches while sending Mails)
    my configuration for SD-WAN PBR ist shown in the screenshot.
    i have a default-masq rule for all outgouing traffic/interfaces...


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • 0 in reply to dirkkotte

    Hi  :  Please share some packets or information or snapshot where you are able to see incorrect Interface/IP for SMTP/SMTPS traffic.

    What is the status of SD WAN policy route for system generated traffic? 

    console> show routing sd-wan-policy-route system-generate-traffic

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support
    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link.

  • 0 in reply to Vishal_R

    i see the false IP within mail-header of testmails.

    console> show routing sd-wan-policy-route system-generate-traffic               
    SD-WAN policy route is turned off for system-generated traffic. 

    should i enable this?
    set routing sd-wan-policy-route system-generate-traffic enable
     


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • 0 in reply to dirkkotte

    Hi Before enabling that option I would suggest you may refer some information with reference to that command provided in below KBA :

    support.sophos.com/.../KB-000039331

    Note: You may test it by enabling that option in non working hours for safer side to avoid any issue/interruption and share the result with us.

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support
    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link.

  • 0 in reply to Vishal_R

    Hello,

    I tried to enable the setting and it seems that the outgoing emails are being sent correctly (but I'm not sure).

    Now, however, the incoming e-mails are no longer transmitted to the internal mail server. (is located within a directly connected network) Is it possible that the SD-WAN-PR also takes over these connections?

    Possible because the route-precedence?

    console> system route_precedence show
    Standard routing priority:
    1. SD-WAN policy routes
    2. VPN routes
    3. Static routes

    So I undo the change.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • 0 in reply to dirkkotte

    Change the Route precedence to static, vpn, sd-wan. 

    This will resolve your internal issue. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    thanks, i'll try this asap.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

Cookie Information Banner