Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Mail and webserver issues under XGS136W

Hi community 

Please i have this issue for our customers, we migrated from UTM9 under SG135 series to new series XGS136W

before we start you can find current configuration.

  • Appliance are connected to ISP Modem (Router) via port 2(WAN)
  • Port 1 is connected to LAN, no DMZ configured.
  • Customer App embedded in Webserver wish can be access via a domain name outside LAN.
  • Server containing Microsoft Exchange 2013 for mails.
  • Server for AD and DC.

I used the following configurations:

  • Creating DNAT for webserver on the top(Rule 1)
  • Creating DNAT for Exchange server (Rule 2)
  • Using sophos MTA for mail agent

Bellow the issues:

In configuration above, users can access webserver outside LAN without any issue, but they can't send or receive emails. (emails works fine when they are connecting locally)

When changing DNAT order webserver become inaccessible while emails works fine.

Any suggestions?



This thread was automatically locked due to age.
Parents Reply Children
  • Hello Lahcen,

    Thank you for the update.

    If you feel comfortable sharing some screenshots of the configuration, please share the following ones:

    1) Your MTA Policy

    2) Auto Added Firewall policy for MTA

    3) Licensing (A-la-carte subscription modules = Email Protection)

    4) Device Access WAN/LAN SMTP Relay

    Otherwise, please open a case with Support and share the Case ID so we can monitor the resolution.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Did you configure a "SMTP Policy"?

    This has to include the domains you want to receive mails for and how to route them to your internal Exchange Server.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.