Firewall Traffic logs in depth

Question

We have MS exchange servers hosted on our network and Firewall rules, Email filers and NAT configured on our Sophos XG to forward mail to our servers. Recently end users would have reported not receiving certain emails. This is random. After looking at the firewall email logs the mail appears to be sent, but it doesn't hit the user mailbox nor it shows up on the exchange log. I am trying to go deeper into the firewall logs to actually determine which NAT rule would have been used to specificaly determine which mail server it would have been forwarded to. Unfortunately, I can't figure it out or the Firewall doesn't give that kind of logs. I used multiple brands of firewalls and i know this can be done. 
 
 Can the XG give that type of log? 
 How can i can i traverse my historical mail logs to determine which NAT rule was used or which mail server got the mail? 
 To note i have a NAT rule configured with multiple Exchange severs (port 25) with round robin selected has the decision maker.

LuCar Toni · Answer

Debugging of a Mail service on a IP Level is hard. You need to know, which IP the sender is using. Then you need to figure out, if those IPs actually build up a connection. If you have a NAT rule, you only chance is IP, as SFOS is not aware of the RCPT TO and Sender Context (encrypted).

Anil Lutchman · Answer

After further investigation i noticed the firewall using the wrong NAT Rule and maybe that is why i am not seeing what i expected. I need to look into this now before moving forward. Thanks man

Firewall Traffic logs in depth

Top Replies