Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 802
  • Last Modified:

Configuring new Watchguard X550e with internal Exchange

Hi experts - I just purchased a new Watchguard X550e for my network and want to verify my settings are correct before my first test run.  

My internal network is 10.8.0.0/13
My internal Exchange is 10.8.2.5
My external IP is 12.229.X.X

For the system manager I added the 1-to-1 NAT of NAT Base: 12.229.X.X and real base of 10.8.2.5.

In my SMTP proxy rule settings I have From: Any-External and for the To: portion I added the host IP of my external interface - should i be adding a static NAT here, or the external interface alias?  I'm just unsure of the correct settings.

Also, I set dyanmic NAT to be 10.8.0.0/13 - Any/External.  Do I need to do anything else with this or is this the only place I need to set it?

Thanks!
0
jmtoman
Asked:
jmtoman
  • 3
  • 3
1 Solution
 
dpk_walCommented:
The settings are fine, just that some details are need to be sure that they are correct:
1. Do you have multiple IPs or single IP address.
 If just one, then you don't need 1-1 NAT.
2. if you have multiple IP addresses and wish to do 1-1 NAT for the SMTP server, then please make sure you have not added any secondary network on external interface for the same IP.
 If you have added secondary network; please remove it.
3. In the SMTP policy in the TO box, if you have single IP then you would configure as:
    12.229.x.y->10.8.2.5
 If you have multiple IPs, then after adding 1-1 NAT, configure TO as:
    12.229.x.z [1-1 public IP]

Please implement and update.

Thank you.
0
 
jmtomanAuthor Commented:
Ok I've changed all my firewall settings and removed my 1-to-1 NAT.  I only have the one IP so, this setup should be good.  I'll be testing everything this weekend to make sure it works alright.
0
 
dpk_walCommented:
Please update about the results.

Thank you.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
jmtomanAuthor Commented:
Sorry for the delay in posting a reply.  I was able to successfully telnet into my mail server through the firewall and send an email, I also was able to use OWA so that works fine.  I have one more general firewall question, under Network->Configuration->WINS/DNS - are these settings relevant to anything, do i even need to set them?
0
 
dpk_walCommented:
No problem; the WINS/DNS settings are used by WG for following purpose:
1. If WG is acting as DHCP Server on the network.
2. Fore remote users [PPTP/IPSec/SSL].
3. For name resolution when using hostwatch or logviewer.

Thank you.
0
 
jmtomanAuthor Commented:
thanks for your help
0

Featured Post

The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now