[BUG] MTA - SMTP Policy - Host Selection

Hello, I think this would be a bug unless I'm doing it wrong. I'm working on setting up Email Protection for our Office 365 instance. I went in and created all the Network Objects under "Hosts and Services" and put all the O365 networks in a group. But when I go to create an SMTP Policy and choose Host, those objects and groups are not there.

But then, if I create the Network FROM within the SMTP policy, it is available to choose from.

So it appears to be a bug that if a host or network is created within Hosts and Services, it is not available to choose from within an SMTP policy while using MTA Mode.

Thanks



  • Hi, I tried it on my XG running in a VM (v 16.05 RC1) and added a new host, and I am able to see the host when added via Hosts and Services > IP host (also tried to group it under Hosts and Services > IP host group). I tried by manually creating a business SMTP rule and using the autocreated SMTP MTA mode rule. Can you share where exactly the host is not appearing in the GUI? Also, I have had weird GUI hiccups with XG and you may be experiencing one of those.

    I can see the hosts when using business rule where highlighted

    and in autocreated SMTP policy

  • Aha... I see it now. The group is not seen, as you pointed out, only the IP hosts, but that may be by design. Are you trying to forward to multiple internal SMTP servers? I can see the group in allowed/blocked clients but not the destination/forwarded to servers.

  • Hi Billybob, yeah, you actually found another thing I didn't notice. But I was speaking more of the actual SMTP Rule under "Email".

    So in that screenshot, what I did is created Network Objects under Hosts and Services for all of the U.S. O365 networks and also grouped them. However, under my Email SMTP Rule (Screenshot) I cannot select those objects I created in Hosts and Services. However, if I create them from that spot in the screenshot I can select them (as you can see).

    One thing more though, it threw an error when I put a network in there from that screen. It would only let me do a single IP, which is how I have it now, but the problem is, those are what my Office 365 servers are today, I'm not sure if they ever change. So better would be to allow a DNS object or let me put all of the networks in there.

    I didn't know if I was doing something wrong as I'm just getting into Email Protection on the XG's and so far I really like the MTA Mode, a lot like UTM9, it just seems to be missing a few things. We've always used Reflexion, but with Sandstorm now, I think I'd rather use XG's Email Protection (not sure how much more overhead that causes, but I'll keep an eye on it).

    Thanks

  • Sorry about that... your post clearly stated that you were working with SMTP policy, I guess I was still feeling the effects of eggnog. MTA is pretty nice in XG but it is missing a few features. I had opened a feature request during the last beta about missing features: https://community.sophos.com/products/xg-firewall/v16beta/f/sfos-v16-beta-feature-requests/78869/additional-mta-features-needed-in-the-gui Make sure you don't have any of those requirements. The smarthost functionality was a deal breaker for me because not everyone has a static IP with correct RDNS entries. Although  has pointed out that the functionality is present in XG, https://community.sophos.com/products/xg-firewall/f/email-protection/83790/mta-to-smart-host-has-this-been-implemented-in-xg-yet/313533#313533 I haven't tested it.

    No Mail manager is also a deal breaker for me... no, the whole logging subsystem is a nightmare when you run servers. I don't want to fly blind and not know what XG is doing, especially when publishing servers (WAF/SMTP).

    I am glad you are trying SMTP, keep us posted on your progress.