Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 2 subscribers
  • Views 7178 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Connections issues to IMAP and IMAP SSL

seriald
I recently started using ASG and have been thoroughly impressed by everything so far.

Everything is up and running, but seem to have problems making a connection to IMAP from outside the network.

I've created a DNAT rule to forward to the correct server but connections are being dropped from the outside.

I even tried configuring a Packet Filter rule to allow outside IMAP and IMAP SSL connections from the outside to pass through, but still nothing.

Can anyone think, or suggest anything????

Robert


This thread was automatically locked due to age.
  • 0
    Post a screenshot of the DNAT and Packet filter rule you created...

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent
    I've attached screen grabs of my current setup
  • 0
    Bruce was right to ask you to post those!

    You can delete the two packet filter rules since you have checked 'auto packet filter rules' in the DNAT definitions.

    You should not need a DNS rule in either packet filter or NAT; turn on the DNS proxy instead.  Aim your internal DNS requests at the IP of 'Internal (Address)'.

    You need to clean up the rest of your DNAT rules.  Let's use #8 as a template: Now, it's 'External (Network) -> IMAP -> Internal (Network) : DNAT to NEPEXCH01 with service change to IMAP'.  Change that to: 
    'Any -> IMAP -> [Additional Address for IMAP server on External interface] : DNAT to NEPEXCH01' (leave 'Destination service' empty)

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Thanks for the help guys, but I'm truely baffled about this all.

    I've done more testing, and nothing is working from outside the network, and I'm really not understanding why not. Bob, I made the changes you suggested and its not working at all. HTTP, HTTPS, IMAP and IMAPS are all dropping from the outside
  • 0 in reply to seriald
    As Bob pointed out along with changing your dnat so that the source is "Any", you also need to change where you have "Internal Network" to be "External (Address)". 

    So the rule would be like this ex:

    Source: Any
    Service: IMAP
    Destination: External (Address)

    Change Destination to: NEPEXCH01 (if this is the correct network defintion for the internal IP of the computer you are trying to access)
Cookie Information Banner