Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 39 subscribers
  • Views 1989 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG 19.5.3 - mails stuck in queue

techno.kid

I'm moving from UTM to XG and are still in the "learning phase" to understand the new concept.

Nevertheless, right now I'm absolutely desperate, because of outgoing emails (XG used as relay with SmartHost) are stuck in the "Mail spool" and I'm not able to get them released. I think it has something to do with the fact that I'm not able to build the right Firewall Rule to allow "local" connections to the outside.

LAN: 192.168.200.0/24
FW: 192.168.200.254
SmartHost: 192.168.200.15

The rule that IMHO should do this, is this one:

But it's a block rule that triggers (which lives behind the one above):

And this is what the Log-File always says:

2024-01-15 12:27:00Firewallmessageid="00002" log_type="Firewall" log_component="Firewall Rule" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="24" fw_rule_name="LAN Internet Reject" fw_rule_section="Local rule" nat_rule_id="0" nat_rule_name="" policy_type="1" sdwan_profile_id_request="0" sdwan_profile_name_request="" sdwan_profile_id_reply="0" sdwan_profile_name_reply="" gw_id_request="0" gw_name_request="" gw_id_reply="0" gw_name_reply="" sdwan_route_id_request="0" sdwan_route_name_request="" sdwan_route_id_reply="0" sdwan_route_name_reply="" user="" user_group="" web_policy_id="0" ips_policy_id="0" appfilter_policy_id="0" app_name="" app_risk="0" app_technology="" app_category="" vlan_id="" ether_type="IPv4 (0x0800)" bridge_name="" bridge_display_name="" in_interface="" in_display_interface="" out_interface="Port1" out_display_interface="Port1" src_mac="" dst_mac="" src_ip="192.168.200.254" src_country="R1" dst_ip="192.168.200.15" dst_country="R1" protocol="TCP" src_port="49740" dst_port="25" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" message="" appresolvedby="Signature" app_is_cloud="0" log_occurrence="1" flags="0"

For me, it looks like "something" is preventing the "Accept" rule to catch... but for days I can't find the reason, not even with the help of Google.

Any thoughts from the experienced community?

Thank you
techno.kid



This thread was automatically locked due to age.
  • 0

    Hello  

    Thanks for reaching out to Sophos Community.

    To confirm, is your smarthost located in the internal network? and does the outgoing email only encounter this issue or also incoming? And has this ever worked before? If yes any changes occur in the firewall prior to this issue? 

    Further, Do you have anything else configured in your Email Protection settings apart from the firewall rules you shared? Also to confirm, does the Allow rule come first before your deny rule? 

    Looking forward to your response. 

    Thanks for your time and patience and thank you for choosing Sophos.

    Regards,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • 0 in reply to Raphael Alganes

    Hi Raphael,

    thank you for your instant reply!

    For whatsoever reason, after "playing around" with some of the Email configuration switches, out of a sudden I have to automatically created rules:

    Though I don't see any big difference in those that I manually created, it's working... and I now have the chance to narrow down why it didn't work with manually created rules.

    techno.kid

Unfiltered HTML