Mail and webserver issues under XGS136W

Question

Hi community 
 Please i have this issue for our customers, we migrated from UTM9 under SG135 series to new series XGS136W 
 before we start you can find current configuration. 
 
 Appliance are connected to ISP Modem (Router) via port 2(WAN) 
 Port 1 is connected to LAN, no DMZ configured. 
 Customer App embedded in Webserver wish can be access via a domain name outside LAN. 
 Server containing Microsoft Exchange 2013 for mails. 
 Server for AD and DC. 
 
 I used the following configurations: 
 
 Creating DNAT for webserver on the top(Rule 1) 
 Creating DNAT for Exchange server (Rule 2) 
 Using sophos MTA for mail agent 
 
 Bellow the issues: 
 In configuration above, users can access webserver outside LAN without any issue, but they can't send or receive emails. (emails works fine when they are connecting locally) 
 When changing DNAT order webserver become inaccessible while emails works fine. 
 Any suggestions?

LAHCEN DAOUDI · Answer

Hi All 
 Problem solved; 
 For web APP, HTTP/HTTPS services can&rsquo;t be putted on a single NAT rule, since customer didn&rsquo;t have SSL certificate we used HTTP, elsewhere we could use HTTPS. 
 For Emmanuel, even if we use MTA, is obligatory to use DNAT for Exchange 2013. 
 
 Thank you.

emmosophos · Answer

Hello there, 
 Thank you for contacting the Sophos Community. 
 If you&rsquo;re using the Sophos Firewall in MTA mode, you don't need to create a DNAT rule. Just make sure the autogenerated rule for MTA, is on TOP. 
 Regards,

Mail and webserver issues under XGS136W

Top Replies