I would like to get some clarity on how to implement MTA mode on XG Firewall.
Currently I have a UTM firewall with port forwarding to an internal Exchange 2016 server with a third party SSL certificate already installed.
I want to install the XG firewall with MTA mode.
1. Do I install the SAME SSL cert on the XG? The Exchange cert has a .cer extension, but the XG requires a .pem extension. Can I convert?
2. Do I get a NEW SSL cert for the XG? If so, what happens to the existing cert on the Exchange server. Leave it there or remove?
The point is, XG will be your outbound MTA, I assume.
So basically it depends on your setup.
You have to give the MTA a hostname for the SMTP transmission.
So XG uses this SMTP hostname for the helo/ehlo.
Do you want to use the same hostname here? Then you have to use the same certificate with the private key. It is important to give XG the private key as well.
In reply to Joan Miquel Gurdo:
Sophos XG does not send the complete certificate chain (I opened a support case).
If you import the root CA, the intermediate CA, and your certificate separately, the XG is not trusted by others.
Some mail servers, like Gmail, now need trusted public certificates.
If you install it like that, you are going to have issues with some mail servers.
So use my method so that this does not happen.
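
The .cer to .pem conversion asked about in the question, together with a check that a key file really is the certificate's private key (the first reply stresses that XG needs it), as an added example that does not come from any poster in this thread. The file names, the host name and the self-signed test certificate are constructed, and how XG's import dialog handles the result is not covered here.

```shell
#!/bin/sh
# Added example. File names and the host name are constructed placeholders.

# cer_to_pem IN OUT: write certificate IN (DER or PEM encoded) to OUT as PEM.
cer_to_pem() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
        openssl x509 -in "$1" -out "$2"                 # already PEM text, normalise it
    else
        openssl x509 -inform DER -in "$1" -out "$2"     # binary DER .cer
    fi
}

# key_matches CERT_PEM KEY_PEM: succeed only if KEY_PEM is the private key
# belonging to CERT_PEM (compares the public key derived from each).
key_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# demo: build a constructed, self-signed stand-in for the Exchange certificate,
# export it as a DER .cer, then run both checks. Prints one line per check.
demo() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=mail.example.test' \
        -keyout "$d/mail.key" -out "$d/orig.pem" 2>/dev/null || return 1
    openssl x509 -in "$d/orig.pem" -outform DER -out "$d/exchange.cer" || return 1
    # An unrelated key, to show what a mismatch looks like.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/other.key" 2>/dev/null || return 1

    cer_to_pem "$d/exchange.cer" "$d/mail.pem" && echo "converted: $(head -n 1 "$d/mail.pem")"
    key_matches "$d/mail.pem" "$d/mail.key" && echo "mail.key: matches certificate"
    key_matches "$d/mail.pem" "$d/other.key" || echo "other.key: does NOT match certificate"
    rm -rf "$d"
}

demo
```

A .cer file holds only the certificate, so the private key has to be exported from the server separately before `key_matches` has anything to compare.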