Contributor
September 26, 2010
Question

Issue allowing SMTP in.

outbound is fine but have issues with inbound. Have a firewall policy for ISP-mail to trusted exchange 2010 server but when looking at logs on ISP mail server connection to x.x.x.x:25 times out after 15 seconds and email sent to re-try que.


    ede_pfau
    SuperUser
    September 27, 2010
    Welcome to the forums. A little bit more information would help a lot. How have you configured the access to the internal mail server? Can you post the firewall policy (and everything related, i.e. the VIP definition), please?
    Contributor
    September 27, 2010
    Thanks for the reply, am very new to Fortigates and do not have any VIPs. Can send email out no problem. For mail server access in I have firewall policy: wan1 - mailserver IP/subnet to switch - ip/sub of exchange smtp accept. Hope that helps?
    ede_pfau
    SuperUser
    September 27, 2010
    Oh, I see. As you are new to this I won't tell you what is wrong but show you how to make it work. Say your external (public) IP that stands for your mailserver is 80.80.80.1. Be aware that it will be "used up" by the configuration below, i.e. it should be available exclusively for your mailserver. And the real server in your LAN hosting Exchange has 192.168.10.10. Then you take 2 steps:
    - define a Virtual IP (Firewall>VIP) to make the FG translate the external IP to your internal IP, just for this server: Create New > give it a decent name e.g. "ExchangeVIP", external IP=80.80.80.1, mapped to IP=192.168.10.10, no further checks.
    - delete the policy external->internal already in place.
    - define a firewall policy using this translation: Create New > from: external, source=all, to: internal, destination: ExchangeVIP, service=SMTP
    Now you should be able to ping the external IP and receive a reply from the Exchange server. If that works please come back and we'll refine the setup.
    Contributor
    September 27, 2010
    Thanks again, do I have to enter 25 in the service port and map to port? Have done all requested but email is still not coming in. Are there further steps now? ISP email log still timing out connection to my wan1 IP on port 25. Cheers
    ede_pfau
    SuperUser
    September 27, 2010
    No, at the moment you should leave the port settings empty and the "Port Forwarding" box un-checked. Have you tried to ping your external mailserver IP?
    Contributor
    September 27, 2010
    Yes, but I know for a fact it does not respond to pings so do not get a reply. Any other tests??
    ede_pfau
    SuperUser
    September 27, 2010
    I'm afraid I need more information on what is configured and what not. The setup itself is quite simple so it should work right away. You can backup the config to a file, in plain text format. Please post the part named "config firewall" up to the final "end", or upload the config file itself. In the meantime, why would the server not respond to ping? Is there a software firewall installed on it which might not only block ping but incoming SMTP also?
    Contributor
    September 27, 2010
    OK, here is the file.
    ede_pfau
    SuperUser
    September 27, 2010
    Thanks. You can edit your last post and delete the attachment now. OK, I see you have defined policy routing from the external IP to the Exchange server's IP. Delete that please. Then, in policy 8 add "ping" to the service allowed, or select "Any". I would strongly advise you to specify IP addresses in the address definitions, not subnets. You do so by writing "1.2.3.4/32" for a single host address. Please test pinging the server now.
    Contributor
    September 27, 2010
    Well, what do you know, it pings!!!! What next :)
    ede_pfau
    SuperUser
    September 27, 2010
    Fine. Now you can try to receive email.
    --- policy 7 is to be changed now. In the form with "Exchange_Server" denoting your whole internal LAN it allows SMTP out from every host on your LAN. You shouldn't allow that; hosts mail to your mailserver and the mailserver is the only host that can SMTP out. This way, no spam bot on your PCs can mail out. Please change the destination to ALL in policy 7. Your own WAN IP range doesn't make sense there.
    ---- policy 9 is not going to work.
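    The GUI steps ede_pfau describes above (static VIP, inbound policy with PING added for the reachability test, and outbound policy 7 restricted to the mail host with a /32 address) written out as FortiOS CLI. This is an added example, not configuration posted in the thread; the interface names wan1/internal, the host address 192.168.10.10, the address object name and the policy IDs 7 and 8 are assumptions taken from the posts, so verify them against your own unit (e.g. with "show system interface" and "show firewall policy") before applying.

```fortios
# Added example (not from the thread). Assumed values: public IP 80.80.80.1,
# Exchange host 192.168.10.10, outside interface "wan1", LAN interface "internal".

# 1) Single-host address object (/32), not the whole LAN subnet
config firewall address
    edit "Exchange_Server"
        set subnet 192.168.10.10 255.255.255.255
    next
end

# 2) Static NAT VIP: public 80.80.80.1 <-> 192.168.10.10, no port forwarding
config firewall vip
    edit "ExchangeVIP"
        set extintf "wan1"
        set extip 80.80.80.1
        set mappedip "192.168.10.10"
    next
end

config firewall policy
    # 3) Inbound: any source may reach the VIP on SMTP; PING is included only
    #    so the ping test from the thread works (remove it once mail flows).
    edit 8
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "ExchangeVIP"
        set action accept
        set schedule "always"
        set service "SMTP" "PING"
    next
    # 4) Outbound SMTP: only the Exchange host, to any destination, so no other
    #    LAN host (e.g. a spam bot on a PC) can send mail directly out.
    edit 7
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "Exchange_Server"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "SMTP"
        set nat enable
    next
end
```

    Older FortiOS 4.x builds accept only one service per policy in the CLI; there, use a service group containing SMTP and PING in place of the two-value set service line.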
    Contributor
    September 27, 2010
    OK, we will test now. 2 queries from last post: 1 - I do not have a policy 9 listed. 2 - policy 7 points from exchange to external IP of ISP, not my WAN; I think this is correct? Have now changed subnets to single IPs.
    ede_pfau
    SuperUser
    September 27, 2010
    1 - I do not have a policy 9 listed
    Well, policy 9 cares for Terminal_Services from internal to external. If you have deleted a policy the IDs may change.
    2 - policy 7 points from exchange to external IP of ISP, not my WAN; I think this is correct?
    Only if the external mailserver is in the "Keystage" network. Is it? You can enable a protection profile for this policy later.
    Contributor
    September 27, 2010
    OK, have deleted TS policy. Keystage is where mailserver is. Just tested again but still getting:
    Route slip host: My wan ip
    Route slip Port : 25
    attempting socket connection to: my wan ip
    attempting socket connection to: my wan ip:25
    waiting for socket connection
    15 second wait for connection timeout exceeded
    Any clues? Andy
    ede_pfau
    SuperUser
    September 27, 2010
    Please clarify this for me: if I telnet to the VIP it connects me to a mailserver running MDaemon 11.0.2. It calls itself after the domain key...uk. Is that your internal mailserver or someone else's? Try for yourself: "telnet ext_ip 25"
    Contributor
    September 27, 2010
    It's someone else's mailserver that we get our mail from. Does that make sense?
    Contributor
    September 27, 2010
    and it is running MDaemon
    ede_pfau
    SuperUser
    September 27, 2010
    Whoa... messing around with your ISP's mailserver IP... they're not gonna like it! Now, what IP do you want to use for YOUR mailserver in YOUR LAN? Pick one of the /29 range of wan1, i.e. 185...190.
    Contributor
    September 27, 2010
    ISP owner is a friend so have full access to the server. Anyway, if what you are proposing is a better way then I have an IP I can use in my WAN range so let's go for it. Poised ready for action. Andy