Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 8 replies
  • Subscribers 27 subscribers
  • Views 30073 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Rewrite Source Address (Masquerading) Option

SophosNewby

When choosing the "Rewrite source address (MASQ) -> Use Outbound Address = MASQ on a Business Application Rule (WAN to LAN rule ) will this retain the correct alias IP I have assigned.

My "Destination Host/Network" in my rule is set for alias #2 assigned to Port2. ex. #Port2:0-X.X.X.98. The primary IP on the WAN interface is X.X.X.97.

 

Or should it simply be left unchecked.

 

 

Thank you.



This thread was automatically locked due to age.
Parents
  • 0

    Hey  

    Would it be possible to please share a screenshot of the firewall rule you are describing.
    Also could you explain why you would like to source-NAT this external inbound traffic?

    Regards,

    FloSupport | Community Support Engineer

  • 0 in reply to FloSupport

    This is an inbound Business Application rule for SMTP. I think this is a case of 1 To 1 NAT and that shouldn't be checked, only Reflexive rule.

  • +1 in reply to SophosNewby

    Hey  

    I would leave masquerading for this inbound SMTP rule off as this would cause your SMTP server to see all traffic appearing to be from your single WAN alias IP. I would also advise to create a separate outbound LAN-to-WAN firewall rule for your SMTP server rather than using the reflexive rule option. This would allow for segregation of logging for this outbound traffic and also the ability to select which outbound services your SMTP server is allowed to access.

    Regards,

    FloSupport | Community Support Engineer

Reply
  • +1 in reply to SophosNewby

    Hey  

    I would leave masquerading for this inbound SMTP rule off as this would cause your SMTP server to see all traffic appearing to be from your single WAN alias IP. I would also advise to create a separate outbound LAN-to-WAN firewall rule for your SMTP server rather than using the reflexive rule option. This would allow for segregation of logging for this outbound traffic and also the ability to select which outbound services your SMTP server is allowed to access.

    Regards,

    FloSupport | Community Support Engineer

Children