I am using a Business policy - non-HTTP to protect SMTP on an Exchange server. I have created a policy with DNAT for port 25 and without masquerading, because masquerading is not needed for incoming connections. But if I also enable the Reflexive rule, I would expect that this rule will open port 25 communication from the internal Exchange to the outside WAN network, the opposite of my DNAT rule from WAN to the Exchange server for port 25. The fact is that without masquerading enabled on the basic rule, the reflexive rule also does not enable masquerading, therefore my outgoing SMTP traffic is not working. OK, if you want to use a reflexive rule with WAN to LAN connections, masquerading should be enabled. But in that case all incoming SMTP connections on my Exchange server show the source IP as the internal IP of copernicus (the masquerading source) instead of the IP of the external SMTP server that is sending email to my domain. The second thing is that the reflexive rule also opens all traffic from the internal Exchange server to the outside, and not just the DNATed port 25?? ...where did I make a mistake?
And, to finish, another observation... I need to debug all this traffic to find out why all traffic is allowed to the outside if the reflexive rule is enabled. The packet capture showed the rule ID that passes the traffic (it was the rule I am explaining about in this thread), but I need to click on almost every rule I have to find the ID... it would be nice if the rule ID were one of the columns in the Policy list menu (or is there another option to see all rules with their IDs?).
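As an added reference, not the poster's configuration and not Kerio Control syntax, the following nftables ruleset expresses what the two SMTP directions described above should amount to: an inbound DNAT that rewrites only the destination (so Exchange still sees the sending MTA's real address), and a separate outbound rule that source-NATs and permits only Exchange's own port 25 connections, rather than opening all traffic from that host. Interface names (eth0 for WAN, eth1 for LAN), the public address 203.0.113.10 and the Exchange address 192.168.1.25 are assumed placeholders.

```nft
# Added example, not the poster's Kerio configuration: an nftables
# ruleset showing the intended split between the two SMTP directions.
# Assumed names/addresses: WAN interface eth0 with public address
# 203.0.113.10, LAN interface eth1, Exchange server at 192.168.1.25.

table inet smtp_edge {
    # Inbound: DNAT only. No source rewriting, so Exchange sees the
    # real address of the sending MTA in its logs and Received: headers.
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        iifname "eth0" tcp dport 25 dnat ip to 192.168.1.25
    }

    # Outbound: source NAT only for Exchange's own port 25 connections,
    # so the WAN peer sees the firewall's public address. Replies to the
    # inbound DNATed flows are un-NATed by conntrack and never hit this.
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "eth0" ip saddr 192.168.1.25 tcp dport 25 snat ip to 203.0.113.10
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # Inbound SMTP to Exchange (destination is the post-DNAT address).
        iifname "eth0" oifname "eth1" ip daddr 192.168.1.25 tcp dport 25 ct state new accept
        # Outbound SMTP from Exchange only; no other port or host is
        # opened by this rule, unlike a blanket "allow everything back out".
        iifname "eth1" oifname "eth0" ip saddr 192.168.1.25 tcp dport 25 ct state new accept
    }
}
```

The design point is that the source rewrite lives on the outbound rule only. If the inbound rule also masquerades, every connection arriving at Exchange carries the firewall's internal address as its source, which is exactly the symptom described in the post and also defeats any sender-IP based controls (SPF evaluation, reputation checks, rate limiting) on the mail server.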