Upstream Firewall Blocking Requests to ctmail.com

Hi folks,

We have a pair of SG450 Hardware Appliances (Hot Standby Mode) running UTM Version 9.509 acting as Web Proxy Firewalls.

Beyond these we have a pair of Forcepoint Firewall Appliances acting as a DMZ. These appliances recently underwent an upgrade and are now detecting and blocking traffic coming from the Sophos UTM appliances to a range of IP Addresses. Most, but not all, of these IP Addresses resolve to *.ctmail.com.

I understand that ctmail.com plays a part in the anti-spam functionality of the Sophos UTM but I'm not entirely clear as to what this is, maybe someone could clarify.

Can you also tell me if the DMZ firewalls continue to block this traffic, what will happen? Will we lose some of our anti-spam capability? So far, I have not been made aware that anything is wrong. The only place in the UTM logs where I see any mention of these IP Addresses is the 'Fallback Messages' log (sample entries below).

2018:07:03-04:16:26 utm425-1 [local0:err] ctasd[6137]: CMsg::ScanMessage() - CFCHttpClient::ConnectHost() - Connect to 84.39.153.31 timedout

2018:07:03-04:16:32 utm425-1 [local0:err] ctasd[6137]: CMsg::ScanMessage() - CFCHttpClient::ConnectHost() - Connect to 84.39.153.31 timedout

I can create an exception on our DMZ firewall to permit this traffic, but I'm a little bit loath to do so until I know exactly what is going on.

Any advice you could give would be much appreciated.

Many thanks,

John P
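
Added example, not part of the original post: one way to tally the ctasd connect timeouts in the log by destination address, so the scope of any upstream firewall exception can be compared with what the UTM is actually trying to reach. The sample lines follow the format of the two entries quoted above; the 192.0.2.10 entry, the unrelated line and the function name are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the format of the two log entries quoted in the post.
# 192.0.2.10 is a documentation address added here for illustration only.
SAMPLE_LOG = """\
2018:07:03-04:16:26 utm425-1 [local0:err] ctasd[6137]: CMsg::ScanMessage() - CFCHttpClient::ConnectHost() - Connect to 84.39.153.31 timedout
2018:07:03-04:16:32 utm425-1 [local0:err] ctasd[6137]: CMsg::ScanMessage() - CFCHttpClient::ConnectHost() - Connect to 84.39.153.31 timedout
2018:07:03-04:17:02 utm425-1 [local0:err] ctasd[6137]: CMsg::ScanMessage() - CFCHttpClient::ConnectHost() - Connect to 192.0.2.10 timedout
2018:07:03-04:17:05 utm425-1 [local0:info] otherd[1]: unrelated line
"""

# timestamp, hostname, [facility:level], ctasd[pid]:, then the timeout message
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) \[[^\]]+\] ctasd\[\d+\]: "
    r".*Connect to (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) timedout\s*$"
)

def summarize_timeouts(log_text):
    """Return {ip: {"count", "first", "last"}} for ctasd connect timeouts."""
    stats = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a ctasd connect-timeout entry
        ts = datetime.strptime(m.group("ts"), "%Y:%m:%d-%H:%M:%S")
        entry = stats[m.group("ip")]
        entry["count"] += 1
        entry["first"] = ts if entry["first"] is None else min(entry["first"], ts)
        entry["last"] = ts if entry["last"] is None else max(entry["last"], ts)
    return dict(stats)

if __name__ == "__main__":
    # Most frequently timed-out destinations first
    rows = sorted(summarize_timeouts(SAMPLE_LOG).items(),
                  key=lambda kv: -kv[1]["count"])
    for ip, s in rows:
        print(f"{ip}\t{s['count']}\t{s['first']}\t{s['last']}")
```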


