Configuring new Watchguard X550e with internal Exchange

Hi experts - I just purchased a new Watchguard X550e for my network and want to verify my settings are correct before my first test run.  

My internal network is 10.8.0.0/13
My internal Exchange is 10.8.2.5
My external IP is 12.229.X.X

For the system manager I added the 1-to-1 NAT of NAT Base: 12.229.X.X and real base of 10.8.2.5.

In my SMTP proxy rule settings I have From: Any-External and for the To: portion I added the host IP of my external interface - should i be adding a static NAT here, or the external interface alias?  I'm just unsure of the correct settings.

Also, I set dyanmic NAT to be 10.8.0.0/13 - Any/External.  Do I need to do anything else with this or is this the only place I need to set it?

Thanks!
jmtomanAsked:
Who is Participating?
 
dpk_walConnect With a Mentor Commented:
The settings are fine, just that some details are need to be sure that they are correct:
1. Do you have multiple IPs or single IP address.
 If just one, then you don't need 1-1 NAT.
2. if you have multiple IP addresses and wish to do 1-1 NAT for the SMTP server, then please make sure you have not added any secondary network on external interface for the same IP.
 If you have added secondary network; please remove it.
3. In the SMTP policy in the TO box, if you have single IP then you would configure as:
    12.229.x.y->10.8.2.5
 If you have multiple IPs, then after adding 1-1 NAT, configure TO as:
    12.229.x.z [1-1 public IP]

Please implement and update.

Thank you.
0
 
jmtomanAuthor Commented:
Ok I've changed all my firewall settings and removed my 1-to-1 NAT.  I only have the one IP so, this setup should be good.  I'll be testing everything this weekend to make sure it works alright.
0
 
dpk_walCommented:
Please update about the results.

Thank you.
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
jmtomanAuthor Commented:
Sorry for the delay in posting a reply.  I was able to successfully telnet into my mail server through the firewall and send an email, I also was able to use OWA so that works fine.  I have one more general firewall question, under Network->Configuration->WINS/DNS - are these settings relevant to anything, do i even need to set them?
0
 
dpk_walCommented:
No problem; the WINS/DNS settings are used by WG for following purpose:
1. If WG is acting as DHCP Server on the network.
2. Fore remote users [PPTP/IPSec/SSL].
3. For name resolution when using hostwatch or logviewer.

Thank you.
0
 
jmtomanAuthor Commented:
thanks for your help
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.