Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Sonic Wall to Barracuda

Posted on 2013-01-16
Medium Priority
Last Modified: 2015-05-22
I have just stepped into a networking job that has a sonic wall gateway that I am no familiar with. It is a model: TZ 100 running firmware SonicOS Enhanced It has a public static IP address and a DNS A record is pointed at that IP, the domain's mx record is pointed at the A record which should land at the doorstep of my sonic wall. I have an Exchange server 2003 in my LAN and a Barracuda Spam Filter in my LAN.
I would like to forward mail traffic both in and out through the sonicwall to the Barracuda and from the exchange server to the web.

When sending mail from my gmail account (Outside In) it bounces immediately with this message:
Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 5.7.1 Unable to relay (state 13).

When sending mail from exchange account (Inside out) I get this after the timeout,
Your message did not reach some or all of the intended recipients.

      Subject:      test
      Sent:      1/14/2013 11:06 AM

The following recipient(s) cannot be reached:

      user@email.com on 1/16/2013 11:21 AM
            Could not deliver the message in the time limit specified.  Please retry or contact your administrator.
            <wactwfs02.warecpa.com #4.4.7>

Any assistance will be appreciated.
Question by:PaulBurton83709
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 16

Expert Comment

ID: 38786136

Just to let very simple, do followings (take your SNA backup and reset you firewall to default or make sure you undo all changes realted to exchange)

1) Make sure you have Public ip on your SNA WAN
2) please be sure mail.yourdoamin is a associated with your SNA Public IP

to drill down the issue please leave spam filtering aside,,, simply logon to SNA and on the top right side use Wizard to configure your exchange.

Exchange Wizard-01Exchange Wizard-02Exchange Wizard-03Exchange Wizard-04
once above complated you will be able to send and receive emails... if yes we go to next step if no we will troubleshoot exchange.

please also test sending email from internal user to another internal user.
LVL 14

Expert Comment

ID: 38786182
Let's take a step back here.

While the solution above may help you get a little further along, it does not take the Barracuda into account.

What you should be doing (if you want to use the Barracuda box for spam filtering) is to have the Sonicwall send incoming port 25 traffic to the Barracuda.  Then have the Barracuda send sanitized email traffic to your Exchange box.  If you go this route, you need to make sure your Exchange server accepts port 25 traffic only from the Barracuda box.

As for sending email, you can either send directly from Exchange, or use the Barracuda as a "Smart Host".  No matter which way you wish to send out, you need to have a Pointer (aka Reverse DNS) record.  I cannot say for certain, but it might be that if you don't have a Pointer record created, that your outgoing emails are being rejected.

If you suspect the Sonicwall is the cause of your problems, look at the firewall > access rules and look for anything that has to do with port 25.  (See what the Sonicwall does with port 25 traffic coming in - does it go to the Barracuda box, or to Exchange, or is it not set up at all?  Also, for outgoing port 25 is there any kind of rule, or NAT policies?

Hint: when looking at the Sonicwall's firewall rules, look for WAN - LAN to troubleshoot incoming mail flow, and look at LAN - WAN to troubleshoot outgoing mail flow.  Also, hovering the mouse over certain fields will show more information

Author Comment

ID: 38789463
The bulk of the problem was Century Link blocking port 25. After I discovered that there was no traffic on port 25 making it to our Sonic Wall I called Century Link and they removed the block.
Now I can send email, but I am not receiving and mail.

...any thoughts?
LVL 14

Expert Comment

ID: 38790235
Look at the Sonicwall and see what it is set up to do with incoming smtp traffic - if it goes to the Barracuda box, then troubleshoot that, if it goes directly to Exchange, look at that.

Sorry, but without actually being there, a lot of the "work" is up to you.  If you provide more detailed information on what you have observed, we can provide more specific advice/suggestions.  The problem (of not being able to receive email) could be any one, or a combination of, 3 things: Sonicwall, Barracuda, Exchange.  

I suggest you unplug the Barracuda box, and use Gmail to send another test message.  If you see the same error message that you saw earlier, then it will indicate that either the Barracuda is not the problem, or that port 25 traffic is not even making it to the Barracuda box.  If the error message is different, please report back.  (Well, please report back no matter what  :-)  )

Accepted Solution

PaulBurton83709 earned 0 total points
ID: 38895915
This install was using a Century Link DSL with statics. I had the DSL modem configured with the Gateway address of our static block and all firewall features disabled. The Sonic Wall had one of our usable IP's assigned.
It turns out that despite configuring the modem with a static IP, the firmware for the modem was still employing the NAT rules and blocking all the ports that it would have if I were using the modem in Gateway mode.
Weak Century Link... Weak!

Thanks for all your help.

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question