This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

NAT for Exchange Server with Barracuda Front End

I am trying (and not yet succeeding) with configuring the following:
(addresses have been changed for this example):

1. Exchange Server (on our internal network) at 192.168.1.xx
2. External address for the Exchange server is at 204.205.206.yyy
3. Barracuda SPAM server (used to scan incoming mail) is at 69.70.71.72

- All incoming mail for our organization goes to 69.70.71.72 (This is where the MX record points)

-The Barracuda SPAM server checks all incoming mail for us and relays it to 204.205.206.yyy. (We do not allow incoming mail to our server from any address other then 69.70.71.72)

- Outgoing mail is sent from our Exchange server directly to it's destination Outgoing mail does not go through the Barracuda SPAM server.

My questions:

- Should I use a 1:1 NAT rule here or do I need one SNAT rule for incoming mail and one DNAT rule for outgoing? What would the rule look like?

This thread was automatically locked due to age.

0 BarryG over 11 years ago

Hi,

The 1:1 NAT is designed for NAT'ing whole networks...

DNAT:
source: any
service: smtp (or ANY if running other services on exchange)
dest: External address for the Exchange server

change dest to: exchange internal

SNAT:
source: exchange internal
service: ANY
dest: Internet

change source to: External address for the Exchange server

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 11 years ago

Hi, Blackhawk, and welcome to the User BB!

Once you get comfortable with the UTM, you should evaluate also using it for Email Protection instead of continuing with the Barracuda. The Full Guard solution is less expensive than any three of the five subscriptions combined. Sophos will often make a deal on an initial subscription to make it cost-effective to abandon an existing subscription for a competing product.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel