Disclaimer: This information is posted as-is and the content should be referenced at your own risk
When using MTA mode for email delivery, if you have multiple WAN interfaces or public IP addresses, it’s necessary to create an outbound rule to forward mail via one interface or IP address.
Depending on your WAN and alias IP configuration, you must do the following:
To configure these options, do as follows:
Create a NAT rule for SMTP that specifies the IP address from which traffic will be sent
Enter a name.
Select a rule group or create one. The firewall rule will belong to this group.
If you select Automatic, the firewall rule is added to an existing group based on the first match with rule type and source-destination zones.
Translated source (SNAT)
Translated destination (DNAT)
Translated service (PAT)
Select the WAN interface or alias IP address from which traffic specified in this rule exits XG Firewall.
Note: You can create loopback and reflexive rules for destination NAT rules. They are created using the original NAT rule ID and name. Changing the original NAT rule settings later doesn’t change loopback and reflexive rule settings.
The following screenshot shows an example NAT rule.
Create an SD-WAN rule with Destination ANY and Service SMTP
Select the interface through which SMTP traffic XG Firewall.
Deleting the interface also deletes the policy route.
Select the level of DSCP marking to match incoming packets for priority. For details, see DSCP Value.
Expedited forwarding (EF): Priority queuing that ensures low delay and packet loss. Suitable for real-time services.
Assured forwarding (AF): Assured delivery, but with packet drop if congestion occurs. Assigns packets a higher priority than best-effort.
Class selector (CS): Backward compatibility with network devices that use IP precedence in type of service.
Source networks and Destination networks
Select ANY as both source and destination networks.
Users or groups
Select the primary gateway to route traffic.
If you delete the selected gateway, XG Firewall will delete the policy route and implement WAN link load balance to route traffic.
If the primary gateway goes down, XG Firewall routes traffic through the backup gateway. When the primary gateway comes back up, XG Firewall routes traffic through it.
If you've configured more than one gateway, select the backup gateway.
If you delete the selected gateway, XG Firewall sets the backup gateway to None.
Override gateway monitoring decision
Select if you want to route traffic through the selected gateway, even if the gateway is down.
The following screenshot shows an example SD-WAN policy route.
Change the Route Precedence to Static - VPN - SD-WAN
Thanks a lot. Only one thing, a restart of the Sophos is imperative.