MTA with multiple alias IP does not work as expected

Question

Hi Everyone 
 
 We setup MTA according to this URL: 
 https://docs.sophos.com/nsg/sophos-firewall/20.0/help/en-us/webhelp/onlinehelp/AdministratorHelp/Email/HowToArticles/EmailSetupMTAModeWithMultipleWANPortsOrAliasIPAddresses/index.html#change-the-route-precedence 
 this will work if traffic is sent from LAN to WAN but does not apply to system generated traffic. The only way that works is to use: 
 set advanced-firewall sys-traffic-nat add destination 0.0.0.0 snat-ip <alias ip> 
 which uses the specified alias ip for ALL system generated traffic which we dont want. 
 
 What can we do?

Vishal_R · Answer

Hi Reza Akhlaghi Thank you for reaching out to the Sophos community team, it looks like you are trying to achieve the email routing defined in the below community RR. If yes then please review the settings and if there are any missing settings please tweak the same as per the suggested steps in that guide with proper downtime to avoid any interruption in live traffic ( safe side take a current backup before any changes) and confirm the issue's status.

Sophos Firewall: How to setup MTA mode when you have multiple WAN ports or alias IP addresses
community.sophos.com/.../sophos-firewall-how-to-setup-mta-mode-when-you-have-multiple-wan-ports-or-alias-ip-addresses

MTA with multiple alias IP does not work as expected

Top Replies