
Purpose of "Protected Zone" in Business Application Rule for SMTP Server

When creating a Business Application Rule for an SMTP server (for inbound emails), we have to select a Protected Zone. What is it for? Shouldn’t it be implicit that it applies to the protected server? What happens if I select a zone where the protected server doesn’t reside?

The reason I am asking is that my SMTP server resides inside the DMZ, and logically I selected DMZ as the Protected Zone. However, when I do that it drops all outbound SMTP traffic from the DMZ. In order to get the emails to be sent, I have to select LAN as the protected zone. Any idea what might cause that?

Thanks.

  • Martin,

    XG uses a zone concept. So in addition to the source and destination IP/network, you have to make sure that the zones reflect the IP/network.

    If you also need outbound SMTP connections, you have to create an additional rule (LAN to WAN or DMZ to WAN, depending on your needs).

    On the business application rule, you can tick the checkbox "create a reflexive rule" so that the same rule in the opposite direction is enabled.

    Regards
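To make the zone behaviour described in the reply above concrete, here is a small model of zone-based rule matching. It is an added example, not XG's own code or configuration, and the addresses, zone networks and rule names in it are constructed for illustration. It models only new connections (stateful reply handling is left out) and shows three things: an inbound WAN-to-DMZ SMTP rule does not cover SMTP connections the DMZ server opens outward, the "reflexive rule" option (modelled as the same rule with source and destination swapped) does cover them, and a rule whose protected zone does not match the zone the server's address actually lives in never matches at all.

```python
import ipaddress
from dataclasses import dataclass

# Constructed topology for this example (assumption, not the poster's addressing):
# each zone is defined by the networks behind its interfaces.
ZONES = {
    "LAN": [ipaddress.ip_network("10.0.0.0/24")],
    "DMZ": [ipaddress.ip_network("192.168.100.0/24")],
    "WAN": [ipaddress.ip_network("0.0.0.0/0")],  # everything not in an internal zone
}


def zone_of(ip):
    """Resolve the zone an address belongs to; the most specific network wins."""
    addr = ipaddress.ip_address(ip)
    best = None
    for zone, nets in ZONES.items():
        for net in nets:
            if addr in net and (best is None or net.prefixlen > best[1].prefixlen):
                best = (zone, net)
    if best is None:
        raise ValueError(f"no zone for {ip}")
    return best[0]


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str    # the "protected zone" of a business application rule
    src_net: str
    dst_net: str     # the "protected server" host entry
    dst_port: int
    action: str = "accept"

    def matches(self, src_ip, dst_ip, dst_port):
        # Zone AND network AND service must all agree for the rule to apply.
        return (self.src_zone == zone_of(src_ip)
                and self.dst_zone == zone_of(dst_ip)
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst_net)
                and self.dst_port == dst_port)

    def reflexive(self):
        """Model of the 'create a reflexive rule' checkbox: same rule, directions swapped."""
        return Rule(self.name + "-reflexive", self.dst_zone, self.src_zone,
                    self.dst_net, self.src_net, self.dst_port, self.action)


def evaluate(rules, src_ip, dst_ip, dst_port):
    """First matching rule wins; no match falls through to the implicit drop."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, dst_port):
            return rule.action, rule.name
    return "drop", None


# Constructed rules: the mail server sits in the DMZ at 192.168.100.25.
INBOUND_SMTP = Rule("smtp-inbound", "WAN", "DMZ", "0.0.0.0/0", "192.168.100.25/32", 25)
# Same server, but "LAN" chosen as the protected zone even though the host is in the DMZ.
WRONG_ZONE = Rule("smtp-inbound-wrongzone", "WAN", "LAN", "0.0.0.0/0", "192.168.100.25/32", 25)


def demo():
    """Run the three scenarios from the thread and return their verdicts."""
    remote_mx, our_mx, inbound_client = "198.51.100.9", "192.168.100.25", "203.0.113.7"
    return {
        "inbound with DMZ as protected zone":
            evaluate([INBOUND_SMTP], inbound_client, our_mx, 25),
        "outbound with only the inbound rule":
            evaluate([INBOUND_SMTP], our_mx, remote_mx, 25),
        "outbound with reflexive rule added":
            evaluate([INBOUND_SMTP, INBOUND_SMTP.reflexive()], our_mx, remote_mx, 25),
        "inbound with LAN as protected zone (host is in DMZ)":
            evaluate([WRONG_ZONE], inbound_client, our_mx, 25),
    }


if __name__ == "__main__":
    for scenario, verdict in demo().items():
        print(f"{scenario}: {verdict}")
```

The second scenario is the poster's symptom: the inbound rule is satisfied only for WAN-sourced connections to the protected server, so the server's own outbound deliveries to remote MX hosts fall through to the default drop until a DMZ-to-WAN rule (or the reflexive rule) exists. The last scenario shows why the protected zone has to be the zone the host address actually resolves to: with LAN selected for a DMZ host, the destination-zone check fails and the rule never matches in this model.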

  • Thanks for the detailed information you gave; it helped, but you didn't answer the original question:
    What exactly is the purpose of this protected zone? 
    As Martin asked, do you select the zone the destination server is located in as "protected zone", or what exactly does one select here?

    I have the exact scenario as Martin: I want to pass through SMTP/S traffic from the WAN to my email server and NOT have Sophos XG interfere in any way.
    According to this KB: https://community.sophos.com/kb/en-us/122976

    • Protected Servers: Select or create an existing host entry for the server.
    • Protected Zone: Select the Zone in which the host resides (LAN or DMZ).

    But Martin said that didn't work for him!?

  • The purpose of "Protected Zone" is the destination zone of your web server / mail server.

    I have the exact scenario as Martin: I want to pass through SMTP/S traffic from the WAN to my email server and NOT have Sophos XG interfere in any way.

    In this case, use a simple DNAT. 

    https://community.sophos.com/kb/en-us/122976