SMTP Traffic on Firebox 700


gavinrulon (IS-IT--Management), Nov 1, 2002
The problem:
Running Exchange behind a Firebox 700. Exchange could not communicate with other ESMTP servers, such as hotmail.com. We removed the SMTP Proxy and put up the lesser SMTP filter. Communications with hotmail et al. were restored.
(See Microsoft Knowledge Base article Q312415.)
But we lost the protection that the firewall provided to SMTP traffic.

The answer (thanks to WatchGuard TechSupp):
If you are running WFS 6.0, you can use the SMTP Filter for your outgoing traffic and continue to use the SMTP Proxy for the incoming traffic. This config allows the SMTP Proxy to continue to protect your network.
I know this seems very simple and logical, but if you didn't know WFS 6.0 could do it, then you may not even try it. I hope this helps someone.
 
The SMTP Proxy service doesn't add a whole lot of usefulness in my opinion anyway. Unless, of course, masquerading address patterns or controlling outbound header patterns is of interest.

The greatest advantage I have found, aside from the one you have described above, is that it also reduces load on the firewall to use the SMTP Filter for outbound. We had issues on occasion with load using the Proxy for outbound connections. Switching to the filter cleared that right up.
 
I'd have to disagree with NtrOP. There are plenty of benefits to using the SMTP Proxy:

1) Content filtering. Blocking specific file types at the firewall.
2) Message size restrictions.
3) Address space restrictions.

When you say your server couldn't communicate with other SMTP servers, try a few of the following:

1) Get your ISP to add a DNS entry for your firewall. Many mail servers perform a reverse lookup. Mail transmitted through the SMTP Proxy will appear to come from the firewall, not the mail server, so a DNS entry is needed in your forward and reverse lookup zones for that host.

2) Under default packet handling on your Firebox, uncheck the option to auto-block the source of packets not handled. Many mail servers issue AUTH requests or similar on different known ports. Your firewall might be blocking the hosts as a result.

3) Add an AUTH rule to your firewall that allows both your mail server and Firebox outbound, and inbound to your Firebox and mail server (NAT as per your SMTP rule).
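Step 1 above is the one most easily verified from the outside: the receiving MTA looks up the PTR record for the address the connection arrives from (the Firebox's external address when the SMTP Proxy is in use), then checks that the resulting name resolves back to that same address. The script below is an added example, not code from the original thread or from WatchGuard; it implements that forward-confirmed reverse DNS check with pluggable lookup functions so it can be run against constructed zone data offline. The addresses (203.0.113.x) and hostnames (mail.example.net, fw.example.net) are placeholders, and the "stale forward record" for the firewall is a constructed failure case, not anything reported in the thread.

```python
"""Forward-confirmed reverse DNS (FCrDNS) check for the public address that
outbound mail appears to come from.  Added example; not from the original
thread.  Hostnames and addresses below are placeholders.
"""
import socket
from typing import Callable, Dict, List, Optional, Tuple

PtrLookup = Callable[[str], Optional[str]]
ALookup = Callable[[str], List[str]]


def system_ptr(ip: str) -> Optional[str]:
    """PTR lookup via the OS resolver; None when no record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def system_a(name: str) -> List[str]:
    """Forward (A) lookup via the OS resolver; empty list when unresolvable."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


def check_fcrdns(ip: str, ptr: PtrLookup = system_ptr,
                 a: ALookup = system_a) -> Tuple[bool, str]:
    """Return (ok, reason).  ok is True only when ip -> PTR name -> A records
    leads back to ip, which is what receiving MTAs that reject on missing or
    mismatched reverse DNS require."""
    name = ptr(ip)
    if name is None:
        return False, f"no PTR record for {ip}; ask the ISP to add one"
    addrs = a(name)
    if not addrs:
        return False, f"PTR points to {name!r} but that name has no A record"
    if ip not in addrs:
        return False, f"PTR {name!r} resolves to {addrs}, not back to {ip}"
    return True, f"{ip} -> {name} -> {ip} (forward-confirmed)"


# Constructed zone data standing in for what the ISP publishes (placeholders).
# The mail server's own address has consistent records; the firewall's
# external address, which the SMTP Proxy sources connections from, does not.
FAKE_PTR: Dict[str, str] = {
    "203.0.113.10": "mail.example.net",   # the mail server's own IP
    "203.0.113.1": "fw.example.net",      # Firebox external IP: PTR exists...
}
FAKE_A: Dict[str, List[str]] = {
    "mail.example.net": ["203.0.113.10"],
    "fw.example.net": ["203.0.113.2"],    # ...but the forward record is stale
}


def fake_ptr(ip: str) -> Optional[str]:
    return FAKE_PTR.get(ip)


def fake_a(name: str) -> List[str]:
    return FAKE_A.get(name, [])


def demo() -> Dict[str, bool]:
    """Run the check over the constructed records; returns ip -> pass/fail."""
    results: Dict[str, bool] = {}
    for ip in ("203.0.113.10", "203.0.113.1", "203.0.113.99"):
        ok, why = check_fcrdns(ip, fake_ptr, fake_a)
        print("PASS" if ok else "FAIL", why)
        results[ip] = ok
    return results


if __name__ == "__main__":
    demo()
```

Against real infrastructure, call `check_fcrdns("<Firebox external IP>")` with the default resolvers; the mail server's own address passing while the firewall's fails is exactly the situation step 1 describes, since remote servers see the proxied connection arriving from the firewall.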
 
Allow me to further clarify my statement (to my own embarrassment), I meant the SMTP Proxy for outbound. For inbound it most certainly is useful.
 