• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 217
  • Last Modified:

SonicWall Firewall question regarding email

I have a SonicWall firewall appliance.  It is set up to route people out to the Internet using NAT from the External interface's public address.  I also have some other available addresses, so I set up a one-to-one NAT mapping to my Internal email server and then set up an access rule to allow WAN traffic (I presume Internet) to reach the public alias of the email server with SMTP & POP3.  However, email is not coming in.  Is there another way to do this -or have I done it incorrectly?
0
Silas
Asked:
Silas
1 Solution
 
geoffrynCommented:
The NAT should be ok, but I think the access rule needs to refer to the private IP address not the public.
0
 
jwalsh88Commented:
You need to find out from Sonic Wall when it does NAT.  If it does the NAT before it checks the rulebase then, like geoffryn said you need to setup the rulebase to allow traffic to the internal not external IP address.  This is the opposite of checkpoint, which you have asked alot of questions about, ...for now.  Supposedly, and I have not played with it yet, checkpoints NG product will change NAT from the last thing done to the first.
0
 
Tim HolmanCommented:
Check your email server is not covered by the global NAT rule that's letting your users out.  If it is, traffic will be leaving with the firewall's address, not the correct NATted address.  You need an 'anti NAT' rule if this is the case, or to create 2 internal network groups covering IP addresses either side of your email server so that it doesn't get NATted incorrectly.
0
 
jwalsh88Commented:
Yes, Silas as tim holman stated I hope you made sure that your static mapping of the emails public Ip address to the Private Ip address happens before your hiding NAT rule translates the internal Emails address to the external IP address assigned to the Sonic Wall to be used for hide NAting.  I have never worked with Sonic Wall but I would hope it logs the traffic in which case you should be able to look through the logs and see what is happening.
0
 
SilasAuthor Commented:
yes -Sonic wall uses the private -you set up a public server.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now