Solved

Forefront TMG to Barracuda

Posted on 2011-03-23
Last Modified: 2012-05-11
I want to pass SMTP traffic from the Forefront TMG to the Barracuda.  Has anyone done this successfully?  So far, no matter what kind of rule I set up, as soon as I switch off the old ISA server, add the email IP addresses to the TMG server and enable the rule, the SMTP traffic to the Barracuda stops.  We are not using Exchange Server.
Question by:gjcp
14 Comments
 
LVL 29

Expert Comment

by:pwindell
ID: 35206789
The TMG has to have all the IP#s the old ISA had.  There is no "email address".  It isn't going to do you any good if the incoming traffic hits the TMG and the Barracuda doesn't respond back to the TMG identically to how it did with the ISA.

You have to use a simple straight SMTP Publishing Rule,...Server Publishing Rule,..aka. a Non-Web Server Publishing Rule using "SMTP Server" as the Protocol (not the regular SMTP)
0
 

Author Comment

by:gjcp
ID: 35207858
I have ALL of the IP addresses that the old ISA had.  I made sure of that before I turned on the rule I made for SMTP traffic.  I set up the following rule:
Action = allow
Traffic = SMTP Server
From = Anywhere
To = the IP address of the Barracuda
        requests appear to come from the original client
Networks = External, all IP addresses

I set this up using the "Non-web server protocols"

Any Ideas?
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35208366
requests appear to come from the original client

Change to:

requests appear to come from the ISA

Now what does it do?
0

 
LVL 29

Expert Comment

by:pwindell
ID: 35208397
From = Anywhere

Really should be

From = External

However that by itself should not break anything,...it is just good practice to be specific,..."anywhere" is not very specific.
0
 

Author Comment

by:gjcp
ID: 35210464
I will not have a window of opportunity to try the change you suggest until next week.  I will post the results then.  Thanks.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35210783
It is not a change,...it is a troubleshooting step,...although if it works you have the option to leave it that way.
0
 

Author Comment

by:gjcp
ID: 35264003
I had a half-hour window and I tried 2 different rule settings and neither one worked.  I created a straight access rule and a non-web server rule.  I tried one at a time and they both failed.  I need to try the setting "requests appear to come from the ISA".  I realized that I set it to appear to come from the client.  I won't have another window of opportunity to try anything else until next week.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35283492
Ok, that's fine.  I'll get an email alert when you post back.
0
 

Author Comment

by:gjcp
ID: 35337018
ARRG! All experiments have failed.  I almost wish I could put ISA 2004 on the Win2008 server!  It is strange that all of the other rules work just fine, but for some reason I can't get the SMTP traffic to go to the Barracuda.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35342190
Well, the ISA part is extremely simple,...it is just a very simple straightforward Non-Web Server Publishing Rule with External as the Source,..the IP of the Barracuda as the Target,...and the Protocol is "SMTP Server" (not the regular SMTP).  It is just that simple,...no more complex than that.

The Barracuda then has to be a SecureNAT Client of the ISA so the response packets follow the same path out that it came in on.

If it is not working after that then you have some other issues that go beyond the ISA.
0
 

Author Comment

by:gjcp
ID: 35343720
Well, I guess my issues go beyond the Forefront TMG server.  It is really frustrating since all the other rules work just fine.  You are right, the rule itself is simple, and works correctly on the old ISA 2004 server. I have never experienced such a crazy problem and I have been at this for 20+ years!
0
 

Accepted Solution

by:
gjcp earned 0 total points
ID: 37456568
Turned out that it was actually a port problem on a switch.  We switched cables and everything started working.
0
 

Author Closing Comment

by:gjcp
ID: 37478667
It turned out to be a faulty switch.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 37456710
Ok, very good.  Glad to hear you got it worked out.
0


Question has a verified solution.
