Solved

forward Packets on Firewall

Posted on 2009-05-12
2
324 Views
Last Modified: 2015-01-05
All....a question for the ages?
 
have a customer with an exchange server, domain is  abc-america.com, .
We forward the MX records to an offsite email scrubber, IE, Postini, SpamSoap etc. The mail comes in great.
 
The company HQ is in Europe, they required all users to get have an email  user@xyz-europe.com. Currently that mail is
foward via a VPN to the local exhange server, all works okay. The European IT dept generates a list via LDAP query and fowards to the private IP of the exchange server. The particular European server foward can ONLY foward to 1 IP address.
 
We would like to foward these emails to the offsite SPAM site, but there is an issue, we can only use 1 IP address, most of these sites use a rotating IPs in their records. If we had Europe select 1 IP address, then if was rotated, users may get NDR or mail may hang in the sending queue.
 
Our best solution we thought was to use an available public IP (not our exchange server, not currently being used) also on a 2nd ISP provider.  Then Have Europe point to that IP, then foward any traffic on that IP to the offsite Spam washer site (postini, or egivs).

to that end, we have tried to set up a firewall rule redirecting any packets on that Public IP to the SpamWasher site, on the sonicwall NSA3500 we have setup a WAN/WAN rule, that did not work, when I telnet to the PublicIP we provide on port 25, I am not redirected. Sonicwall logs provide no info. When I do a packet capture the packets are arrived and them dropped.

I also have done/tried a NAT Rule under the advice of Sonicwall, that also did not work, same thing.
 
I cannot redirect the entire MX for xyz-europe.com, as I am only concerned with perhaps 60-70 email address.

Has anyone ecountered this problem before, and what was your solution? ISA? Cisco/ Watchguard? a better sonicwall rule?
Looking foward to your replies.
 
0
Comment
Question by:FITFSC
2 Comments
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 24387292
I am not sure if this would be possible with any firewall product; a router might help. Firewalls are designed with specific design where they keep state of the sessions when the communicating parties go through the firewall [from one physical port to another]; in this case the sessions do not go through the firewall.

If a possibility configure a server on the internal network which would first receive mail from Europe and then redirect the mails to your mail service provider.

Thank you.
0
 

Author Comment

by:FITFSC
ID: 24388941
I think that is what it is comming to,,, a small virtual server to foward the packets on, but kinda of messes with part of the diaster recovery we were hoping with the offsite spam/av provider.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Port Forwarding on Cisco 881 14 63
Cisco ASA 5512-X Active/Standby HA 4 26
ASA5510 Blocking a Wanted Website/Host 9 26
What is an ASP Table on a Cisco ASA? 3 22
Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question