Solved

Pop3 thru sonic wall

Posted on 2004-08-22
9
1,087 Views
Last Modified: 2013-12-19
Previous setup: Windows NT Exchange 5.5, direct one to one NAT translation with external IP address thru Sonic Wall Pro 200 with Field Salespersons accessing email thru pop3 request from exchange server.

Current:
1.Installed Symantec Gateway for SMTP
2.Changed direct NAT thru Sonic Wall to point at SMTP Gateway
3.Installed DNS Server on Domain
4.Created rule to open port 110 thru Sonic Wall (POP3 request to LAN)

All works fine except POP3 accounts cannot log in.
Sonic Wall Pro 200 does not have a direct port forwarding option, that I can find, to point POP3 requests directly to the exchange server and bypass the SMTP Gateway and their tech support is in India.(They have been helpful but the language barrier is difficult and I do not know if they exactly understand my issue)
0
Comment
Question by:itsmedtt
  • 5
  • 4
9 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 11868375
hi itsmedtt, what you need is just a port forwarding for incoming POP3 access. i am not sure if SonicWall Pro 200 does not support this, you know, it is very common feature which is supported by most firewall prodcuts. could you please tell me the URL that i can download its user manual for study. thanks, bbao
0
 

Author Comment

by:itsmedtt
ID: 11873931
http://www.sonicwall.com/services/pdfs/InternetSecurityApplianceFamilyManual.pdf

This is the only link that I found for them.

I was thinking of buying a Linksys router that as port forwarding on it and sticking it in front of the Sonicwall, doing a one to one nat translation to the Linksys and seperating the ports there as a temporary solution to buy me time for research and evaluation of a more permanenet solution. Can you think of any holes in that temp solution?
0
 
LVL 37

Expert Comment

by:bbao
ID: 11874596
you can do it, with the "Public LAN Server" feature of this box, by adding a known service, you may make your email server visible on the internet. btw, you may even custom a specific server that is not listed in its list of known service.

thanks for the manual's URL, you may find more detailed information from page 129 to 130.

hope it helps,
bbao
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 

Author Comment

by:itsmedtt
ID: 11877797
Greetings,

Yes I have already set those rules. And port 110 is open to the LAN. I have also verified that port 110 on the exchange is listening. I am not certain but I think that the issue maybe in the DNS settings. I have set the MX record toward the mail server.

Ay other suggestions?
0
 
LVL 37

Expert Comment

by:bbao
ID: 11877848
> Yes I have already set those rules. And port 110 is open to the LAN.

you mean you have already tried to open port 110 using the public LAN server feature of the firewall?

> I have also verified that port 110 on the exchange is listening.

how did you vierify that the port 110 is under licstening status? by using "TELNET ExchangeServer 110" command from the outside?

> I am not certain but I think that the issue maybe in the DNS settings.

who resolves the DNS name for your domain name? your local DNS server or your local ISP?

> I have set the MX record toward the mail server.

try "TELNET IPaddress 110" at first

later,
bbao
0
 

Author Comment

by:itsmedtt
ID: 11888117
Yes I have already set those rules. And port 110 is open to the LAN.

>you mean you have already tried to open port 110 using the public LAN server feature of the firewall?

Yes, I have set the service feature allowing pop3 access thru the firewall and also etablished the rules to allow it access the IP address of the Exchange server.

>how did you vierify that the port 110 is under licstening status? by using "TELNET ExchangeServer 110" command from the outside?

I ran a port scan on the server from the server. ( per directions from support.microsoft.com, the link is at work or I would add to post, sorry)

>who resolves the DNS name for your domain name? your local DNS server or your local ISP?

The ISP has been the only DNS running for the Domain. Last Thursday the subscription for Sonic Wall virus filter expired.( I am new on this network, just started a few weeks ago and have been trying to extinguish fires and learn the network) The company had already purchased the symantec enterprise suite but had only installed the coporate virus protection. When the when the firewall stopped stripping attachments we were flooded virus and adware. As soon as I realized the problem I grabbed a spare box and installed The Symantec Gateway. It needed a local DNS so I I brought up another box for DNS. Then I redirected the NAT one to one from the exchange server to the Gateway. All seems to be working well with the exception of a few workstations with Office 2003 not being able to connect to the exchange server (I added the local DNS server in their network settings and they are working fine now) and access to POP3 from the internet.


try "TELNET IPaddress 110" at first
0
 

Author Comment

by:itsmedtt
ID: 11894990
OK found the problem posted at symantec.
They list a work around. Seems a little fuzzy to me. Do you have any insight or greater detail on how to accomplish this?
http://service1.symantec.com/SUPPORT/ent-gate.nsf/dc983c4134c90dfd88256c0e00592490/a0580e488ff140c188256dcf0001a3e0?OpenDocument&src=bar_sch_nam
0
 
LVL 37

Accepted Solution

by:
bbao earned 500 total points
ID: 11895501
hehe, it looks that symantec solution is so strange. :) so it seems you should setup symantec gateway software on another machine (or same machine with additional IP), then change your DNS server's settings to distinguish server-server and client-server smtp taffic, and define new firewall rules to forward incoming smtp requests to different servers. can you reconfigure your DNS and symantec SMTP gateway?
0
 

Author Comment

by:itsmedtt
ID: 11897677
Thanks bbao,

I think I got it. Used another static IP from ISP called it pop.mail.mydomain.com, ran NAT thru Sonic Wall  and all seems right with the world.

Thanks
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
An article on effective troubleshooting
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question