Solved

forward Packets on Firewall

Posted on 2009-05-12
Last Modified: 2015-01-05
All....a question for the ages?
 
I have a customer with an Exchange server; the domain is abc-america.com.
We forward the MX records to an offsite email scrubber, i.e., Postini, SpamSoap etc. The mail comes in great.
 
The company HQ is in Europe; they required all users to have an email address user@xyz-europe.com. Currently that mail is forwarded via a VPN to the local Exchange server, and all works okay. The European IT dept generates a list via LDAP query and forwards to the private IP of the Exchange server. The particular European server forward can ONLY forward to 1 IP address.
 
We would like to forward these emails to the offsite SPAM site, but there is an issue: we can only use 1 IP address, and most of these sites use rotating IPs in their records. If we had Europe select 1 IP address, then if it was rotated, users may get an NDR or mail may hang in the sending queue.
 
Our best solution, we thought, was to use an available public IP (not our Exchange server, not currently being used), also on a 2nd ISP provider. Then have Europe point to that IP, then forward any traffic on that IP to the offsite spam washer site (Postini, or egivs).

To that end, we have tried to set up a firewall rule redirecting any packets on that public IP to the SpamWasher site. On the SonicWall NSA3500 we have set up a WAN/WAN rule; that did not work: when I telnet to the public IP we provide on port 25, I am not redirected. SonicWall logs provide no info. When I do a packet capture, the packets arrive and are then dropped.

I also have done/tried a NAT Rule under the advice of Sonicwall, that also did not work, same thing.
 
I cannot redirect the entire MX for xyz-europe.com, as I am only concerned with perhaps 60-70 email addresses.

Has anyone encountered this problem before, and what was your solution? ISA? Cisco/WatchGuard? A better SonicWall rule?
Looking forward to your replies.
 
Question by:FITFSC
2 Comments
 
Accepted Solution

by: dpk_wal earned 500 total points
ID: 24387292
I am not sure if this would be possible with any firewall product; a router might help. Firewalls are built with a specific design in which they keep state of the sessions when the communicating parties go through the firewall [from one physical port to another]; in this case the sessions do not go through the firewall.

If it is a possibility, configure a server on the internal network which would first receive mail from Europe and then redirect the mail to your mail service provider.

Thank you.
 

Author Comment

by:FITFSC
ID: 24388941
I think that is what it is coming to... a small virtual server to forward the packets on, but it kind of messes with part of the disaster recovery we were hoping for with the offsite spam/AV provider.
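The internal relay suggested in the accepted answer, sketched as an added example that is not part of the original thread. It assumes Postfix as the relay software (the thread names no product); the addresses 10.0.0.25 and 192.0.2.10, the host name mx.scrubber.example and the file paths are placeholders. The next hop is given by name so the relay follows the provider's rotating addresses through DNS, and relaying is limited to the European server and the listed xyz-europe.com recipients so the host does not become an open relay.

```conf
# ---- /etc/postfix/main.cf on the internal relay VM ----
# (added example; every address and host name here is a placeholder)

# Listen only on the single private IP that Europe forwards to over the VPN.
inet_interfaces = 10.0.0.25, 127.0.0.1

# No local mailboxes: this host only relays.
mydestination =

# Clients allowed to relay: this host and the European forwarding server only.
mynetworks = 127.0.0.0/8, 192.0.2.10/32

# Accept mail for the European domain only, and only for listed recipients.
relay_domains = xyz-europe.com
relay_recipient_maps = hash:/etc/postfix/relay_recipients

# Order matters: first refuse any recipient outside relay_domains, then
# accept the trusted clients, then refuse everyone else.
smtpd_relay_restrictions =
    reject_unauth_destination,
    permit_mynetworks,
    reject

# Route the relayed domain to the scrubbing provider.
transport_maps = hash:/etc/postfix/transport

# ---- /etc/postfix/transport ----
# No square brackets around the host: Postfix does an MX lookup on the name
# (falling back to its address records) at delivery time, so a change of
# provider IP is picked up from DNS instead of being pinned on the relay.
xyz-europe.com    smtp:mx.scrubber.example

# ---- /etc/postfix/relay_recipients ----
# One line per forwarded mailbox (constructed sample entry).
user@xyz-europe.com    OK

# After editing either map, rebuild it:
#   postmap /etc/postfix/transport
#   postmap /etc/postfix/relay_recipients
```

This assumes the scrubbing provider is set up to accept the xyz-europe.com recipients and deliver them to the Exchange server, as it already does for abc-america.com.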
