
No traffic through my XG Firewall

I have completed the initial setup with my XG Firewall Home Edition, which is plugged into my AT&T Arris Broadband router on the WAN port (port 2). Port 2 received an IP address from the modem, and the AT&T Arris Broadband router is configured with IP Passthrough pointing to a Default Server, which is the IP address of the WAN port on the Sophos XG Firewall. I configured a firewall business rule for SMTP as follows:

Source: WAN, allow any client network

Destination & Service: LAN Port1, #SMTP

Forward To: Internal Lab Exchange Server, ports 25,587, Protected zone LAN

No Advanced Policies or restrictions

Uses MASQ

Create Reflexive Rule enabled

 

When I test the SMTP connection using https://testconnectivity.microsoft.com, the IP address is identified from my DNS provider (DynDNS) but the attempt to connect to port 25 fails and I don't see any traffic going through the Sophos Firewall.  What could I be missing?

 

Thanks,

Brian



  • Hey  

    Welcome to the Sophos Community!

    Please change the destination & service definition on your existing business firewall rule to your public IP WAN address (WAN Port B) instead.
    I would also advise disabling masquerading for this rule, as your internal SMTP server would see all traffic appearing to arrive from your XG's internal interface.
    I would also suggest creating a separate LAN-to-WAN rule to allow outbound access for your SMTP server.
    This would also allow for the segregation of logging for outbound traffic from your SMTP server.

    Regards,

    FloSupport | Community Support Engineer

  • I already have the default rule to allow all outbound traffic.  The SMTP business rule goes from WAN (DHCP address from AT&T Arris) to LAN (port 1 = 192.168.2.12) to Exchange Server (192.168.2.5) with ports 25 and 587 open.  I disabled the Masquerading as suggested.  Still no joy.

  • Hey  

    For further clarification, would it be possible to clarify how you would like to implement your XG?
    Bridged or Gateway

    Also, does your ISP allow inbound SMTP port 25 traffic on your internet connection? Some ISPs do not allow this SMTP traffic.
    Please also observe your firewall log for any entries related to the SMTP connection tests.
    This would also assist in confirming if the SMTP connection attempt is being passed along by your ISP's router to your XG properly.

    Regards,

    FloSupport | Community Support Engineer
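
An added example (not part of the original thread) of a small Python probe for the check suggested above: it tells a silently dropped connection apart from a refused one and from a working SMTP greeting on ports 25 and 587. `mail.example.com` is a placeholder for the public DynDNS name; 192.168.2.5 is the Exchange server address given in the thread.

```python
import socket

# What each result means on an inbound path: ISP -> modem passthrough -> firewall -> mail server.
MEANING = {
    "banner": "path works end to end; the mail server greeted us",
    "unexpected": "something answered, but not with an SMTP 220 greeting",
    "no-banner": "TCP connected but no greeting arrived before the timeout",
    "refused": "packets reached a host that has nothing listening on this port",
    "filtered": "no reply at all; dropped upstream or no rule matched",
    "error": "local or routing error; see detail",
}

def probe_smtp(host, port, timeout=5.0):
    """Return (state, detail) for one connection attempt; state is a MEANING key."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "")
    except socket.timeout:
        return ("filtered", "")
    except OSError as exc:  # e.g. no route to host, name resolution failure
        return ("error", str(exc))
    with sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(512)  # SMTP servers speak first
        except socket.timeout:
            return ("no-banner", "")
        except OSError as exc:
            return ("error", str(exc))
    if not data:
        return ("no-banner", "peer closed the connection")
    line = data.decode("ascii", "replace").strip()
    return ("banner" if line.startswith("220") else "unexpected", line)

if __name__ == "__main__":
    # Run the first target from a LAN host and the second from outside the network.
    targets = [
        ("192.168.2.5", "Exchange server (address from the thread)"),
        ("mail.example.com", "public name (placeholder, assumption)"),
    ]
    for host, label in targets:
        for port in (25, 587):
            state, detail = probe_smtp(host, port)
            print(f"{label} {host}:{port} -> {state}: {MEANING[state]} {detail}")
```

A `filtered` result from outside combined with `banner` from the LAN points at the ISP, the modem passthrough or the firewall rule rather than at the mail server itself.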

  • I am using the XG in gateway mode.  Prior to implementing the XG firewall, I had my Linksys router plugged into the Broadband router with my Exchange Server hard wired to the Linksys. Inbound and outbound traffic works fine with that configuration.  Now that I have the XG also plugged into the broadband router and the default gateway on my Exchange server pointing to the LAN address on the XG (192.168.2.12), outbound mail seems to work still but no inbound and the tests from testconnectivity.microsoft.com are failing with a warning that port 25 is blocked or not responding.

    Thanks,

    Brian
