
Load Balancing Web Mail (HTTPS traffic)

Hi all,

I hope someone can support me with this case. I have a diagram with Exchange Server 2016 and Sophos: 2 Exchange Servers (Mailbox01 & 02) --> Sophos UTM --> Draytek firewall

In Sophos UTM there is SMTP security. And now I want to configure load balancing for Exchange 2016 webmail. From my research, Sophos UTM has a feature called "Server Load Balancing". I have configured it but can't access the Exchange Server webmail. In my understanding, the virtual server is the IP of Sophos, and I NAT the Sophos IP with port 443 through the Draytek. So, I configured it as above, right? And should I create a rule on Sophos? Please help and advise me. Thanks in advance. My English is not good.

CHA-EX01 : 10.84.0.18/24

CHA-EX02: 10.84.0.19/24

Sophos in DMZ zone : 10.84.5.4/27.

  • Hi there, are you going to receive the traffic for the Exchange server on your DMZ-eth0 interface? In the Virtual Server, you should specify the address where you expect the request traffic to come in. Also, make sure that you have configured a proper DNAT rule on your upstream Draytek.

    Regards

    Jaydeep

  • Hi Jaydeep,

    Thanks for your reply. Yes, the DMZ-eth0 interface receives the traffic for Exchange (out and in). Sophos is the mail gateway. I also configured a NAT rule for port 443 on the Draytek with internal IP 10.84.5.4, which is the IP of Sophos, and external IP 113.176.95.211. Additionally, I checked port 443 on the external IP, and it is still closed. Should I create a rule on Sophos UTM?

    Any advice for me.

  • If I have configured it correctly as above, can I access webmail internally by IP 10.84.5.4, and will it point to 10.84.0.18 or 10.84.0.19? Please give me an explanation. Thanks so much.

  • Yes, in your internal network you will be able to access it by IP 10.84.5.4 as long as that is configured for the WebMail. Please check that and see if it works or not. That will confirm whether the UTM is causing the issue. Further, also check that you don't have any DNAT rule configured for that DMZ-eth0 interface on the UTM itself.

    Regards

    Jaydeep

  • Chao Tuan and welcome to the UTM Community!

    I think you will want to use 'Webserver Protection >> Web Application Firewall' for this instead of 'Server Load Balancing'. Just use the CHA-EX0# servers as Real Servers in a Virtual Server that doesn't have a Firewall Profile and that is set to "Monitor" instead of "Reject" traffic. If you study here, you will find recommendations on how to create more security for web access using WAF.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA