
Configuration for email protection only behind an existing pfsense firewall

Currently we use Sophos UTM (VMware SW Appliance) in a "Standard" way: external interface with a public IP address, internal interface in the LAN, and mails are routed to our internal Exchange Server. This configuration works. But as we already use pfsense as our firewall (and won't change this), Sophos UTM should run behind the pfsense firewall, meaning the only feature we want to use from Sophos is the SMTP Email Protection. I tried to search for how to configure the network stuff to get UTM working behind the pfsense firewall, but without any success.

I created a new Sophos UTM machine for testing purposes with only an internal interface. I added NAT and FW rules on pfsense to map a public IP address to this internal interface. The MX record points to the public IP, but when I try to send an email to the domain I get a timeout.

Tried to get the idea behind the full transparent mode but my network knowledge is not good enough to configure it.

Maybe there is an example of how to configure Sophos UTM behind an existing firewall using SMTP Email Protection only?

Best regards
Manfred



  • Hi, Manfred, and welcome to the UTM Community!

    A single interface is all that is required in your situation.  Just follow Basic Exchange setup with SMTP Proxy (the UTM part works with all mail servers) and you should be fine.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • That means my Sophos UTM Appliance has one interface with an internal IP Address behind the firewall. The MX Record points to a public IP address. In the pfsense firewall there is a NAT port forward from the public IP address (MX Record) port 25 to the internal IP address port 25. There is also a firewall rule allowing this NAT.
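
One way to narrow down the delivery timeout in the setup described in this thread (public IP in the MX record, NAT port forward on port 25 to the UTM's single internal interface), as an added example that is not part of the original posts. The function names and result labels are hypothetical; the idea is to probe port 25 once from the LAN against the UTM's internal address and once from a host outside the network against the public address, then compare the two results.

```python
import socket
import sys

def probe_smtp(host, port=25, timeout=10.0):
    """Classify one hop: 'banner', 'no-banner', 'refused', 'timeout' or 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                line = s.recv(512).decode("ascii", "replace").strip()
            except socket.timeout:
                return ("no-banner", "TCP connected, no greeting before timeout")
            if line.startswith("220"):  # SMTP service-ready greeting
                try:
                    s.sendall(b"QUIT\r\n")  # end the session cleanly
                except OSError:
                    pass
                return ("banner", line)
            return ("no-banner", line or "closed without greeting")
    except socket.timeout:
        # Connection attempt unanswered: packets dropped or replies lost.
        return ("timeout", "no answer to the connection attempt")
    except ConnectionRefusedError:
        return ("refused", "host reachable, nothing listening on the port")
    except OSError as exc:
        return ("error", str(exc))

def locate_fault(internal_state, public_state):
    """Combine the LAN-side probe (UTM internal IP) with the outside probe
    (public IP from the MX record) into a likely fault location."""
    if internal_state != "banner":
        return "utm"            # SMTP proxy not answering on its own interface
    if public_state == "banner":
        return "ok"             # greeting reaches the outside through the NAT
    if public_state == "timeout":
        return "firewall-path"  # port forward, its rule, or the return route
    if public_state == "refused":
        return "rejecting"      # reject rule, or forward points at a closed port
    return "inspect"            # connected but no SMTP greeting: check what answers

if __name__ == "__main__":
    # Usage: python probe.py <address>
    # Run once from the LAN with the UTM's internal IP and once from an
    # outside host with the public IP, then feed both states to locate_fault().
    print(probe_smtp(sys.argv[1]))
```

A "banner" result from the LAN combined with a "timeout" from outside points at the firewall side of the path rather than at the UTM itself.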