
XG v18.5: MTA mode and alias IP addresses

My specific problem now is I can't get the MTA mode and alias IP addresses to work. Tried following the instructions in   and https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/122602/sophos-xg-how-to-setup-mta-mode-when-you-have-multiple-wan-ports-or-alias-ip-addresses and I also followed the hint with the Alias IP in "Translated Source" and the recommendation "D-Wan can't be used for routing traffic through alias addresses!! It's only used if you have multiple uplinks/providers!" in the description RE: XG v18.05: MTA mode and alias IP addresses 

Can anyone please help me?

But it is not working.

NAT rule



  • Hi Dirk, thank you for your reply. As far as I know, SD-WAN can only be used when multiple Internet Service Providers (WAN ports) are available. Did I understand this correctly?

    Can I skip the "Create a SD-WAN Rule with Destination ANY and Service SMTP" point in the instructions and only execute the two commands below?

    set routing sd-wan-policy-route system-generate-traffic enable
    system route_precedence set static vpn sdwan_policyroute

    Do you see a risk here, because the system is a production environment and I have no experience with SD-WAN? Could I contact you directly about this?

    Best regards

    Fridolin

  • Hi Fridolin,

    You can use SD-WAN with only one ISP too. (I use this at home, because traffic is counted.)

    But right, it is created to distribute traffic over multiple providers.

    The part "If you have a single WAN interface with multiple alias IP addresses. Configure a NAT rule for SMTP with the specific public IP traffic that traffic will be sent from."

    from: https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/122602/sophos-firewall-how-to-setup-mta-mode-when-you-have-multiple-wan-ports-or-alias-ip-addresses

    should work ...

    But I think after the MTA has processed the mail, your Exchange isn't the source any more.

    Try "any" within your source NAT and, if it works, check the log viewer to make the rule more specific.

    Feel free to send me a PM. But I am very busy currently.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003

  • Thanks Dirk, I could solve the issue by selecting Any as the original source.

    However, it is still unclear to me why the IP of the Exchange is not the sender and can be set as a source.
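
The behaviour discussed in this thread, as an added illustration that is not part of the original posts and is not Sophos code: a simplified first-match model of source-NAT lookup, showing why a rule keyed on the Exchange address stops matching once the firewall relays the mail itself in MTA mode. All addresses, rule names and the matching logic are constructed assumptions, not the firewall's actual implementation.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addresses (RFC 1918 / RFC 5737); none come from the thread.
EXCHANGE = "192.168.10.25"   # internal mail server
FW_WAN = "203.0.113.10"      # firewall's primary WAN address
ALIAS = "203.0.113.11"       # alias IP that outbound mail should use

@dataclass
class SnatRule:
    name: str
    original_source: str       # CIDR, or "any"
    dst_port: Optional[int]    # None means any service
    translated_source: str

    def matches(self, src: str, dst_port: int) -> bool:
        if self.dst_port is not None and self.dst_port != dst_port:
            return False
        if self.original_source == "any":
            return True
        net = ipaddress.ip_network(self.original_source)
        return ipaddress.ip_address(src) in net

def outbound_source(rules, src, dst_port, default=FW_WAN):
    """First matching rule wins; otherwise the default masquerade address."""
    for rule in rules:
        if rule.matches(src, dst_port):
            return rule.name, rule.translated_source
    return "default-masquerade", default

def wan_leg_source(mta_mode: bool) -> str:
    """Source of the connection that actually leaves the WAN port.
    In MTA mode the firewall accepts the message and opens a new SMTP
    session itself, so the Exchange address never reaches the NAT lookup."""
    return FW_WAN if mta_mode else EXCHANGE

exchange_only = [SnatRule("smtp-from-exchange", EXCHANGE + "/32", 25, ALIAS)]
any_source = [SnatRule("smtp-any-source", "any", 25, ALIAS)]

if __name__ == "__main__":
    for label, rules in (("exchange-only", exchange_only), ("any", any_source)):
        for mta in (False, True):
            src = wan_leg_source(mta)
            print(label, "mta" if mta else "direct", src,
                  outbound_source(rules, src, 25))
```

In this model the "any" rule is still limited to port 25, which is the kind of narrowing the log viewer check is meant to confirm.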