What is the "Auto added firewall policy for MTA"?

Question

Dear Sir, 
 After switch email protect to MTA mode, the XG create the "Auto added firewall policy for MTA" automatically. 
 
 But the KB mentions as following, No firewall rule/business application rule is needed to allow inbound emails in MTA mode No firewall rule/business application rule is needed to allow the outbound emails in MTA mode. https://community.sophos.com/kb/en-us/125596 
 Since no firewall rule/business application rule is needed, why XG create the rule automatically? 
 What is the rule used for? 
 Thanks~

sachingurung · Answer

Hi Shunzee, 
 I think, Technical Writer wanted to convey that no firewall rule is needed to be manually defined as automatic rules will be created by XG. I will get it corrected. 
 Where is the rule used? As you can see it is a business rule with SMTP scanning, it clearly defines the purpose of the rule. 
 Thanks

sachingurung · Answer

Hi DM, 
 Is your Email client explicitly connecting to the MTA? Auto rule is for transparently intercepting the Email traffic when Email-Clients are not defined to connect the IP address of MTA. 
 When the Email-Clients are connecting to the MTA IP address explicitly, then you just need to enable MTA for respective zones in the Device Access settings. 
 Thanks