Setup XG to use Barracuda Spam Filter instead of XG

We are having very poor results using the XG email filters. Management is getting pretty upset about the increase, so I would like to put our Barracuda back into place. It handles email much better and administration is much better for me as well; I feel the XG really lacks in options for managing email. Anyone ever done this and have examples of the rules you used to get this to work? I am also having an extremely hard time configuring the XG; it is so much different than the Sonicwall and my mind can't make any sense of it.

 

Thanks

 

Chris



  • ChristineMeisinger,

    At the moment XG anti-spam is not a complete product yet. If you want to put the Barracuda back, make sure you create a proper firewall rule to allow SMTP/S traffic to/from the Barracuda to/from the email server.

    As far as I know at the moment, there is a limitation on setting an upstream email relay on the XG MTA, so XG has to ship the email to the internet directly and not to another MTA.

    Regards

  • Well, therein is my problem: "proper firewall rule". It's not clear how to do this. At this point I think we are really looking into bailing on the XG. Thanks

  • Christine,

    Please upload a network diagram of how you would put your Barracuda back and we will help you.

    Regards

  • I actually think I figured it out and email is going thru the Barracuda now.

  • I am also replacing a Sonicwall. Do you have any transparent interfaces with layer 3 subnetting? You will need to bypass stateful traffic to achieve the same thing in the XG, but I have 3 internal routers behind the Sonicwall that are causing me to discover new ways to handle the extra stress I brought on myself. A new Sonicwall is more expensive and slower compared to the XG, but if you don't know everything about the Sonicwall like I did... I hope you manage your stress better than me.

    I had a Cisco IronPort that I replaced with the XG email in MTA mode. I am noticing I have to watch the spam filters.

    Are you having any issues that just don't make sense?

    You can log into the SSH console and type

    tcpdump -nei any host x.x.x.x

    and see what's going on. Do you have any other routers in your network? Look at the ACLs and see if you see traffic coming in and going out in different places.

    You might need to enter a stateful advanced firewall from a source network to a destination network, then enter the rule again, making the destination network your source network and your source network the destination network.

    Please let me know what problems you are having with your Sonicwall; maybe we can help each other.

    I have been working 4 months on this project but no one has figured out how to make the 3 routers behind the XG function the way they are configured on the Sonicwall. I have already used 8 hours of professional services; maybe that's why Dell sold their datacenters to Company XYZ...
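The tcpdump advice in the post above comes down to checking whether each TCP handshake crosses the firewall in both directions. The following is an added example, not part of any poster's reply: it reads captured lines and flags handshakes seen one way only. The line layout, interface names (Port1 to Port3), addresses and the function name `one_way_handshakes` are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed layout: "<time> <iface> <In|Out> IP <src>.<port> > <dst>.<port>: Flags [..]".
# Adjust the regex if your tcpdump build prints interface/direction differently.
LINE = re.compile(
    r"^\S+\s+(?P<iface>\S+)\s+(?P<dir>In|Out)\s+.*?"
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]")

# Constructed sample capture (not real traffic).
SAMPLE = """\
10:00:00.000001 Port2 In  IP 203.0.113.7.40112 > 192.168.10.5.25: Flags [S], seq 1, length 0
10:00:00.000050 Port1 Out IP 203.0.113.7.40112 > 192.168.10.5.25: Flags [S], seq 1, length 0
10:00:00.000900 Port1 In  IP 192.168.10.5.25 > 203.0.113.7.40112: Flags [S.], seq 9, ack 2, length 0
10:00:00.000950 Port2 Out IP 192.168.10.5.25 > 203.0.113.7.40112: Flags [S.], seq 9, ack 2, length 0
10:00:01.000001 Port1 In  IP 192.168.10.5.51000 > 192.168.20.9.25: Flags [S], seq 5, length 0
10:00:01.000040 Port3 Out IP 192.168.10.5.51000 > 192.168.20.9.25: Flags [S], seq 5, length 0
10:00:02.000001 Port3 In  IP 192.168.30.4.25 > 192.168.10.8.52000: Flags [S.], seq 7, ack 3, length 0
10:00:03.000001 Port2 In  IP 198.51.100.9.41000 > 192.168.10.5.25: Flags [S], seq 4, length 0
""".splitlines()

def one_way_handshakes(lines):
    """Map 'client:port -> server:port' to a finding for incomplete TCP handshakes."""
    syn_dirs = defaultdict(set)   # flow -> directions in which the SYN was seen
    synack = set()                # flows whose SYN-ACK crossed this firewall
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        a, b = (m["src"], m["sport"]), (m["dst"], m["dport"])
        if m["flags"] == "S":       # client -> server
            syn_dirs[(a, b)].add(m["dir"])
        elif m["flags"] == "S.":    # server -> client, so store the flow reversed
            synack.add((b, a))
    findings = {}
    for flow in sorted(set(syn_dirs) | synack):
        (c, cp), (s, sp) = flow
        name = f"{c}:{cp} -> {s}:{sp}"
        if flow not in syn_dirs:
            findings[name] = "synack_without_syn"  # request took another path
        elif "Out" not in syn_dirs[flow]:
            findings[name] = "syn_not_forwarded"   # no rule or route let it through
        elif flow not in synack:
            findings[name] = "no_synack_seen"      # reply missing or routed elsewhere
    return findings

if __name__ == "__main__":
    for flow, finding in one_way_handshakes(SAMPLE).items():
        print(finding, flow)
```

A `synack_without_syn` or `no_synack_seen` finding points at a return path through another router, which is the case where a stateful firewall drops the rest of the connection; `syn_not_forwarded` points at a missing allow rule or route.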

  • I have a very simple network but configuring the XG for it is not simple. No issues with the Sonicwall, I can configure those, but the XG has been impossible for me to wrap my head around. I have spent 6 of my 8 hours of Pro Services and they haven't even set up web filtering. This project has been going on since the first of the year and I'm done. I have spent countless hours on this and we have 9 locations with really only 2 IT people, so I can't make the firewalls a full-time job. I am putting the Sonicwalls back in this weekend and waiting on a quote from Dell for replacements. I need a product that is mature and easy to manage. Really want a product to be configured, put into place and just let it do its job so I can do mine.

  • If you don't mind me asking, so you have been trying to get 9 XG firewalls to work together? What were those 6 hours of professional services spent on configuring? I already used my 8 hours up. I have learned to never assume something is going to work with the XG. Most firewalls I have seen come with everything wide open and have to work on tightening the security, where the XG comes locked down and you have to open up everything.

    I would have placed an XG in transparent bridge mode behind the Sonicwall to watch traffic first at one location. I work at a hospital where I am constantly managing the firewall.

    Gateway mode with transparent STAS authentication for email, web users. Then IPsec tunnels to each location. If not using Sophos access points you manage VLANs like any other network; set up DHCP relay if you have a DHCP server, or if using XG for some DHCP you configure a DHCP server for XG to service an interface or VLAN from the drop-down box.

    If you are using multiple LAN ports, firewall rules need to allow communication between them.

    Are there any special tricks or bugs you have to do for the XG firewalls to function?

    I apologize for the long post, I haven't had my daily caffeine fix yet. On that note I am going to get some coffee now.

    Good luck with everything!

  • As of now we only have 1 XG and 1 XG HA in place at our main office; it's talking to Sonicwalls at our other locations. The 6 hours of Pro Services have been used to configure those devices, including setting up the email filter; we spent a lot of the time trying to get the email to work. I don't have VLANs; we have an MPLS network in place connecting all offices, so didn't have to do much to configure that on the XG. Like I said, we have a simple network, but it took 6 hours to just configure one location and they never configured web filtering or application filtering, and the email filters were placing things in quarantine but still sending those emails to users, and also we had an issue with the quarantine disappearing. I could see things in the logs but could not go to the quarantine to release anything. It's just been a mess and a daily chore for me to try to figure this stuff out. When I need to open a port on the Sonicwall it's simple and creates the rules you need, but with the XG I feel I have to do 3 times the amount to get something to work and it's a crapshoot if I am configuring something correctly. I feel down the road it will be near impossible for me to manage all locations on the XG without proper training. If there are tricks to the XG I have yet to find them.

  • Are you still having trouble with basic traffic through the MPLS connection? You may need to bypass stateful traffic and everything works fine.