Some background on this setup.
Licence is for 100 active IPs.
Setup has two external IP ranges:
/26 and /24
The /26 range is bound to a network card and uses IPs from .65 to .126
This is the network interface that is selected as the DG (checked in config as DG) with IP .126 as the primary interface for UTM and .125 being the ISP router IP used in the DG IP address setting. The /24 range is .1 to .254 on a VLAN interface with .1 being the primary IP. No DG selected.
All NATs are built using these two external network address ranges.
There are two Internal networks:
Both are /16 (172.17 and 172.18) with IP .1 as the primary IP on each segment.
There are two Masquerading rules for both internal networks.
SNAT is used in some cases (some e-mail servers to tie IP to each instance) but the majority of rules are using DNAT only. This has been set up this way for a few years and only the 172.x networks were seen as internal.
Two weeks ago Email Protection was enabled using SMTP profiles. An initial config mistake was made to use "transparent mode", which caused some issues with other SMTP services, so that was disabled. MX records were set up to send mail to the .126 address, which works fine with SMTP profiles. This has been working perfectly.
Ever since Email Protection has been enabled, most of the /24 external range is now seen as internal and is being counted. I did clear the IP count table, as initially I thought it was the transparent mode that caused the spike in IP addresses.
How can I get this setup to stop counting these external IPs as internal when Email Protection is enabled?