Solved

SonicWall Firewall question regarding email

Posted on 2001-09-12
5
207 Views
Last Modified: 2013-11-16
I have a SonicWall firewall appliance.  It is set up to route people out to the Internet using NAT from the External interface's public address.  I also have some other available addresses, so I set up a one-to-one NAT mapping to my Internal email server and then set up an access rule to allow WAN traffic (I presume Internet) to reach the public alias of the email server with SMTP & POP3.  However, email is not coming in.  Is there another way to do this -or have I done it incorrectly?
0
Comment
Question by:Silas
5 Comments
 
LVL 11

Accepted Solution

by:
geoffryn earned 25 total points
ID: 6477834
The NAT should be ok, but I think the access rule needs to refer to the private IP address not the public.
0
 
LVL 4

Expert Comment

by:jwalsh88
ID: 6479046
You need to find out from Sonic Wall when it does NAT.  If it does the NAT before it checks the rulebase then, like geoffryn said you need to setup the rulebase to allow traffic to the internal not external IP address.  This is the opposite of checkpoint, which you have asked alot of questions about, ...for now.  Supposedly, and I have not played with it yet, checkpoints NG product will change NAT from the last thing done to the first.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 6482619
Check your email server is not covered by the global NAT rule that's letting your users out.  If it is, traffic will be leaving with the firewall's address, not the correct NATted address.  You need an 'anti NAT' rule if this is the case, or to create 2 internal network groups covering IP addresses either side of your email server so that it doesn't get NATted incorrectly.
0
 
LVL 4

Expert Comment

by:jwalsh88
ID: 6482687
Yes, Silas as tim holman stated I hope you made sure that your static mapping of the emails public Ip address to the Private Ip address happens before your hiding NAT rule translates the internal Emails address to the external IP address assigned to the Sonic Wall to be used for hide NAting.  I have never worked with Sonic Wall but I would hope it logs the traffic in which case you should be able to look through the logs and see what is happening.
0
 

Author Comment

by:Silas
ID: 6488489
yes -Sonic wall uses the private -you set up a public server.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
jump server vs push server 6 98
nmap scanner? 7 82
Manual DNS and blocking mapped drives 8 74
SQL Server Communications Audit 5 31
Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now