demein
New Member
May 9, 2025
Question

How to direct outbound mail (from mail server) to a certain WAN port?

  • May 9, 2025
  • 4 replies
  • 995 views

I'm using SD-WAN and I have 1 WAN port which has a public IP (which I use for my mail server) and the other WAN port has a private IP (behind CGNAT).

My inbound mail is port forwarded from the public IP to the mail server. However, I noticed an issue: when the mail server sends email out, it tries to send it over the second port (behind CGNAT), and this causes the email to fail to send. Is there any way to set up an SD-WAN rule to force all outbound SMTP mail exiting the mail server to go over wan1 (public IP)?

Any help would be appreciated.

4 replies

kaman
Staff
May 10, 2025

Hi Demein,

Yes, you can create an SD-WAN rule placed above the general rules, specifying the mail server as the source and the destination IP and port for outbound mail, then configure the preferred interface.

Additionally, you can choose the protocol as TCP, UDP, or ANY, define the port range, and set the interface selection strategy to Manual.

Please refer to the document below for more information:
https://docs.fortinet.com/document/fortigate/6.4.2/sd-wan-deployment-with-zscaler/256930/configuring-sd-wan-rules

If you have found a solution, please like and accept it to make it easily accessible to others.

Regards,
Aman

alouadifama
New Member
May 10, 2025

Yes, you can and should configure a policy-based route on your SD-WAN device to force all outbound SMTP traffic from your mail server to exit via the public IP WAN port. This is important for email deliverability and to avoid being blocked or marked as spam due to IP mismatches or lack of reverse DNS.

sjoshi
Staff
May 11, 2025

Hi demein,


If you have not set up port forwarding under VIP config, even the outbound traffic takes the external IP of the VIP, but it is better to set up the SD-WAN rule so that you have the control to route the traffic for a specific source towards a specific destination.


If you have found a solution, please like and accept it to make it easily accessible to others.

Thanks, Salon

Yurisk
SuperUser
May 11, 2025

As others already mentioned - yes, you can create an explicit manual SD-WAN rule for SMTP traffic to use wan1 as the outgoing interface, BUT one thing to consider - there is always the Implicit rule at the bottom, which is always active and you cannot delete it. So, if using an SD-WAN rule as depicted, this will work, but if the wan1 port becomes unusable from the SD-WAN health-check point of view - the Implicit SD-WAN rule kicks in and your SMTP traffic will still pass via the other interface behind CGNAT. If this is to be avoided at the cost of redundancy/down time - then using a manually created Policy-Based Route, which will automatically have higher priority over SD-WAN rules, may be needed. With PBR, if wan1 fails, it will not fail over to the next interface unless it is configured so.
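Both the SD-WAN rule kaman describes (mail server as source, TCP with a port range, manual interface selection, placed above the general rules) and the policy-based route Yurisk contrasts it with, written out as FortiOS CLI. This is an added example, not configuration from the thread or from Fortinet's documentation. The interface names (wan1 as SD-WAN member 1, "internal" as the LAN port), the mail server address 10.0.0.25, the address object name MAIL-SERVER and the wan1 gateway 203.0.113.1 are assumptions, and exact keywords differ between FortiOS releases, so check them against the CLI reference for your version.

```fortios
# Added example, not from the original thread. Assumed values:
#   wan1 = SD-WAN member seq 1 (public IP), wan2 = member seq 2 (behind CGNAT)
#   "internal" = LAN interface facing the mail server
#   mail server = 10.0.0.25, wan1 next hop = 203.0.113.1

# Address object used as the source of the outbound SMTP flows
config firewall address
    edit "MAIL-SERVER"
        set subnet 10.0.0.25 255.255.255.255
    next
end

# Option A: SD-WAN rule with manual interface selection.
# Matches TCP/25 from the mail server to any destination and prefers member 1 (wan1).
# Keep it above the general rules; if wan1 fails its health check, the implicit
# rule at the bottom takes over and the flow may leave via wan2 (CGNAT).
config system sdwan
    config service
        edit 1
            set name "SMTP-out-via-wan1"
            set mode manual
            set src "MAIL-SERVER"
            set dst "all"
            set protocol 6
            set start-port 25
            set end-port 25
            set priority-members 1
        next
    end
end

# Option B: policy-based route. Evaluated ahead of SD-WAN rules and, as written,
# has no fallback: if wan1 is down, outbound SMTP stops rather than leaking via wan2.
config router policy
    edit 1
        set input-device "internal"
        set src "10.0.0.25/255.255.255.255"
        set protocol 6
        set start-port 25
        set end-port 25
        set output-device "wan1"
        set gateway 203.0.113.1
    next
end
```

Pick one of the two options rather than both. With the SD-WAN rule alone, a failed wan1 health check hands the flow to the implicit rule and the CGNAT interface; with the policy route, the flow has no alternate path, which is the redundancy trade-off Yurisk describes. After applying either, confirm which interface a new SMTP session actually takes (the session table or the SD-WAN service diagnostics for your release) before relying on it for deliverability.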