SFOS 16.01.0 - port 25 not forwarded

After reloading our XG115 with the new SFOS 16 firmware, we are not able to receive any emails any longer!

External email servers could not reach our server. After investigating the problem today, we reverted back to SFOS 15.

We are using a business rule for forwarding port 25 to our internal mail server. The forwarded emails are SMTP and SMTPS scanned by Email Protection. The upgrade was fine yesterday evening and I tested VPN and internet connection after the upgrade. Everything looked fine, but today in the morning I got a note that no emails were received since yesterday evening. So I looked up the protocol and there was NO entry. I took a look at the policies and they were all there and every policy had traffic logged EXCEPT the inbound port forwarding rule for SMTP. I disabled the rule and created a new one with the same settings - no change at all.

Is this a known bug? I couldn't find anything in the forum so far, but after reverting back to SFOS 15, everything works again.

I would really like to upgrade to the new firmware but as long as this doesn't work, I can't!



  • Hi Robert,

    In such instances, always restore a backup from the previous firmware and verify if that works. There is a known issue that affects v16 reported under NC-10377 which states that the Mail traffic is not allowed through Business application rule without Scanning applied. Not sure if that is related but did you have scanning applied in the business rule?

    Thanks

  • Hi Sachin,

    Yes we have scanning applied to our rule. I've just downloaded the new SFOS 16.01.1 and will replace the other firewall with it.

    Here (https://community.sophos.com/products/xg-firewall/f/email-protection/81527/email-protection---mta-mode) seem to be some more details on the same problem as I had. I didn't try the MTA option since our system is live and my colleagues don't like having their mails delayed.

    I'll try the new firmware as soon as our business closes and will report some more details.

     

    I don't know if restoring a backup would have helped, since I even tried to do a totally new business rule. But also it says in the 16.01.1 release notes that this isn't working (NC-13543 [Firewall] DNAT rule using Email Servers Template is not working).
