DNAT Rule doesn't work for Internal Network

Hey there,

 

We used a mail server behind the Sophos with a specific domain. The domain pointed to one of our interfaces. We used a DNAT rule to redirect all mail-specific traffic on this interface to the mail server. It worked fine. Now I needed to switch mail servers, but I am not able to easily change all mail configurations on the end devices. So I set up the new mail server and a new DNAT rule which redirects to the new mail server. The two rules look like this:

 

Any -> Mail-Services -> OldDomain -> NewDomain (NewDomain is a static host in the UTM)

Any -> Mail-Services -> Specific Interface (to which the mx-records point) -> NewDomain

 

This also works fine. Well, for most of my office. Every user was able to connect without any changes to the configuration on the end device itself. But not in the main office.

 

It works for devices outside of the network (we are not using the UTM's mail protection, so the mail server is reachable from outside). It works for our VPN users (own IP range). And it works for our 5 RED networks (each with its own IP range, like 11.0.104.0/24). But not for everyone in the main office with the IP range 11.0.7.0/24.

 

I already tried to set up a specific DNAT rule for this group of users via the Internal Network as source (11.0.7.0/24), or a specific IP range (11.0.7.100 - 11.0.7.200 is our DHCP range), or for a specific IP (my own device). It doesn't work and doesn't show up in the log files. All internal devices (head office) try to connect to the old server. I also tried to set up a

Internal -> Any -> OldDomain -> NewDomain

just to get redirected anyhow. But this doesn't work either. It seems like the Sophos UTM is ignoring the DNAT rules for my Internal Network. Can you tell me why?

 

Greetings


