Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 13 replies
  • Answers 2 answers
  • Subscribers 30 subscribers
  • Views 28129 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

What is the "Auto added firewall policy for MTA"?

ShunzeLee

Dear Sir,

After switch email protect to MTA mode, 
the XG create the "Auto added firewall policy for MTA" automatically.



But the KB mentions as following,
No firewall rule/business application rule is needed to allow inbound emails in MTA mode
No firewall rule/business application rule is needed to allow the outbound emails in MTA mode.

https://community.sophos.com/kb/en-us/125596

Since no firewall rule/business application rule is needed, why XG create the rule automatically?

What is the rule used for?

Thanks~



This thread was automatically locked due to age.
Parents
  • 0

    Shuze,

    the rule is created automatically once you enable the MTA mode on Email Protection. Firewall rule is needed otherwise traffic is dropped. Try to disable the rule and see that traffic will be dropped.

    I do not why the KB says that. Maybe they consider the fact that the rule is automatically created by the XG.

    Let us know.

    Regards,

  • 0 in reply to lferrara

    Dear Luk,

    After switch to MTA mode, the auto created rule has no any traffic through it.

    But the MTA mode works well, mail can send and receive through XG relay.

    That's what I don't understand about the auto rule...

    Shunze

  • 0 in reply to ShunzeLee

    Hi Shunze, 

    I have not come across any MTA configuration yet, so I think I need to check with other teams about this. If the rule has no real meaning, I think that should be fixed in v16.5.

    Do you see that rule in v16.5?

    Thanks

  • 0 in reply to sachingurung

    I didn't try V16.5 yet,
    so I can't answer you about this.

  • 0 in reply to sachingurung

    It still creates the auto rule in 16.5.  

     

    I just tested and turned off this rule, but email still comes in just fine.

     

    I'm curious like everyone else what this really does or what its for?  Seems like rather than create a rule, it should check the box for SMTP on WAN interface for you under Device Access.  I was about to create a new post until I found this one.  My rule also said 0kb in and out, but everything was working fine.

     

    Thanks

Reply
  • 0 in reply to sachingurung

    It still creates the auto rule in 16.5.  

     

    I just tested and turned off this rule, but email still comes in just fine.

     

    I'm curious like everyone else what this really does or what its for?  Seems like rather than create a rule, it should check the box for SMTP on WAN interface for you under Device Access.  I was about to create a new post until I found this one.  My rule also said 0kb in and out, but everything was working fine.

     

    Thanks

Children