Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 332
  • Last Modified:

forward Packets on Firewall

All....a question for the ages?
 
have a customer with an exchange server, domain is  abc-america.com, .
We forward the MX records to an offsite email scrubber, IE, Postini, SpamSoap etc. The mail comes in great.
 
The company HQ is in Europe, they required all users to get have an email  user@xyz-europe.com. Currently that mail is
foward via a VPN to the local exhange server, all works okay. The European IT dept generates a list via LDAP query and fowards to the private IP of the exchange server. The particular European server foward can ONLY foward to 1 IP address.
 
We would like to foward these emails to the offsite SPAM site, but there is an issue, we can only use 1 IP address, most of these sites use a rotating IPs in their records. If we had Europe select 1 IP address, then if was rotated, users may get NDR or mail may hang in the sending queue.
 
Our best solution we thought was to use an available public IP (not our exchange server, not currently being used) also on a 2nd ISP provider.  Then Have Europe point to that IP, then foward any traffic on that IP to the offsite Spam washer site (postini, or egivs).

to that end, we have tried to set up a firewall rule redirecting any packets on that Public IP to the SpamWasher site, on the sonicwall NSA3500 we have setup a WAN/WAN rule, that did not work, when I telnet to the PublicIP we provide on port 25, I am not redirected. Sonicwall logs provide no info. When I do a packet capture the packets are arrived and them dropped.

I also have done/tried a NAT Rule under the advice of Sonicwall, that also did not work, same thing.
 
I cannot redirect the entire MX for xyz-europe.com, as I am only concerned with perhaps 60-70 email address.

Has anyone ecountered this problem before, and what was your solution? ISA? Cisco/ Watchguard? a better sonicwall rule?
Looking foward to your replies.
 
0
FITFSC
Asked:
FITFSC
1 Solution
 
dpk_walCommented:
I am not sure if this would be possible with any firewall product; a router might help. Firewalls are designed with specific design where they keep state of the sessions when the communicating parties go through the firewall [from one physical port to another]; in this case the sessions do not go through the firewall.

If a possibility configure a server on the internal network which would first receive mail from Europe and then redirect the mails to your mail service provider.

Thank you.
0
 
FITFSCAuthor Commented:
I think that is what it is comming to,,, a small virtual server to foward the packets on, but kinda of messes with part of the diaster recovery we were hoping with the offsite spam/av provider.
0

Featured Post

The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now