My specific problem now is I can't get the MTA mode and alias IP addresses to work. Tried following the instructions in and https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/122602/sophos-xg-how-to-setup-mta-mode-when-you-have-multiple-wan-ports-or-alias-ip-addresses and I also followed the hint with the Alias IP in "Translated Source" and the recommendation "D-Wan can't be used for routing traffic through alias addresses!! It's only used if you have multiple uplinks/providers!" in the description RE: XG v18.05: MTA mode and alias IP addresses
Can anyone please help me?
But it is not working.
NAT rule
Do you configure "set routing sd-wan-policy-route system-generate-traffic enable" and "system route_precedence set static vpn sdwan_policyroute"
from your linked URLs https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/122602/sophos-firewall-how-to-setup-mta-mode-when-you-have-multiple-wan-ports-or-alias-ip-addresses
or from https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/CommandLineHelp/DeviceConsole/Set/index.html#routing
Dirk
Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum Partner
Sophos Solution Partner since 2003
If a post solves your question, click the 'Verify Answer' link at this post.
Hi Dirk, thank you for your reply. As far as I know, SD-Wan can only be used when multiple Internet Service Providers (WAN-Ports) are available. Did I understand this correctly?
Can I skip the "Create a SD-WAN Rule with Destination ANY and Service SMTP" point in the instructions and only execute the two commands below?
set routing sd-wan-policy-route system-generate-traffic enable
system route_precedence set static vpn sdwan_policyroute
Do you see a risk here, because the system is a production environment and I have no experience with SD-Wan? Could I contact you directly about this?
Best regards
Fridolin
Hi Fridolin,
You can use SD-WAN with only one ISP too. (I use this at home, because traffic is counted.)
But right, it is created to distribute traffic over multiple providers.
The part "If you have a single WAN interface with multiple alias IP addresses. Configure a NAT rule for SMTP with the specific public IP traffic that traffic will be sent from."
from: https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/122602/sophos-firewall-how-to-setup-mta-mode-when-you-have-multiple-wan-ports-or-alias-ip-addresses
should work ...
But I think after MTA is processing the mail, your Exchange isn't the source any more. Try "any" within your source NAT and if it works, check logviewer to tune the rule more specific.
Feel free to send me a PM. But I am very busy currently.