AndrewX, Staff
Article Id 354404
Description

This article describes how to verify that external mail reaches the internal mail server and end-user machines through the FortiGate.

Scope

FortiGate.
Solution

Traffic flow:

 

external users --> Microsoft mail servers (40.xx.xx.0/24) --> FortiGate WAN IP: 182.xx.xx.xx --> hits VIP policy --> end-user machines mail received IPs (192.168.xx.0/24)

 

  • Attempts to migrate emails to the cloud using port 443 encounter issues.
  • There are no issues with email delivery using port 25 (SMTP).

  1. Run a sniffer on the FortiGate for the external IP with the options 6 0 a (verbosity 6, which prints the Ethernet header and payload needed for Wireshark conversion; count 0 for no packet limit; a for absolute timestamps).

     [Image 1: FGT sniffer package.png]

  2. Convert the capture to Wireshark format. It shows that the external server is sending a QUIT message and the mail server is replying with '221 2.0.0 Service closing transmission channel'.

     [Image 2: SMTP package.png]

  3. Test from an external user by connecting (telnet) to the FortiGate WAN IP on ports 25 and 443.

     [Image 3: Test telnet FGT WAN 25 & 443.png]

  4. Check the firewall policy, then update the address information in the Address Group.

     [Image 4: FGT address group.png]

  5. Test that the connection ports are working properly.

     [Image 5: connection ports working.png]
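Steps 1 and 2 (capture with verbosity 6, then open in Wireshark) can be scripted. The following Python is an added example, not part of this article and not a Fortinet tool: it parses verbosity-6 sniffer text, writes a libpcap file that Wireshark opens, and pulls the SMTP text out of the TCP segments so the QUIT / 221 exchange is visible directly. It assumes the sniffer layout shown in the constructed sample (one absolute-timestamp header line per packet, followed by 0x-offset hex lines whose hex groups are separated from the ASCII column by a tab or two or more spaces); the MAC addresses, IP addresses, timestamps and the 221 reply text are constructed.

```python
import re
import struct
from datetime import datetime, timezone

# Constructed sample in the layout of
#   diagnose sniffer packet any "host 40.0.0.10" 6 0 a
# (verbosity 6 = Ethernet header plus payload as hex, count 0 = unlimited,
# a = absolute timestamps). MACs, IPs and times are made up; the two frames
# carry the QUIT / 221 exchange the article observed. IP/TCP checksums are zero.
SAMPLE = """\
interfaces=[any]
filters=[host 40.0.0.10]
2024-05-01 10:15:32.123456 port1 in 40.0.0.10.54321 -> 182.0.0.5.25: psh 1 ack 1
0x0000\t 0009 0f09 0001 0009 0f09 0002 0800 4500\t..............E.
0x0010\t 002e 0001 4000 4006 0000 2800 000a b600\t....@.@...(.....
0x0020\t 0005 d431 0019 0000 0001 0000 0001 5018\t...1..........P.
0x0030\t 2000 0000 0000 5155 4954 0d0a\t .....QUIT..
2024-05-01 10:15:32.124001 port1 out 182.0.0.5.25 -> 40.0.0.10.54321: psh 1 ack 7
0x0000\t 0009 0f09 0002 0009 0f09 0001 0800 4500\t..............E.
0x0010\t 0037 0002 4000 4006 0000 b600 0005 2800\t..7.@.@.......(.
0x0020\t 000a 0019 d431 0000 0001 0000 0007 5018\t......1.......P.
0x0030\t 2000 0000 0000 3232 3120 322e 302e 3020\t .....221 2.0.0.
0x0040\t 4279 650d 0a\tBye..
"""

HEADER_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) \S+ (?:in|out) ")
HEX_RE = re.compile(r"^0x[0-9a-fA-F]{4}\s+(.*)$")
PCAP_MAGIC, LINKTYPE_ETHERNET = 0xA1B2C3D4, 1


def parse_sniffer(text):
    """Return [(timestamp, frame_bytes), ...] from verbosity-6 sniffer text.

    Assumed layout (see SAMPLE): a header line with an absolute timestamp per
    packet, then 0x-offset lines whose hex groups are followed by a tab or
    two-plus spaces before the ASCII column."""
    packets, ts, chunks = [], None, []
    for line in text.splitlines():
        hdr = HEADER_RE.match(line)
        if hdr:
            if ts is not None and chunks:
                packets.append((ts, b"".join(chunks)))
            # The sniffer prints the device's local time; it is treated as UTC here.
            ts = datetime.strptime(hdr.group(1), "%Y-%m-%d %H:%M:%S.%f").replace(tzinfo=timezone.utc)
            chunks = []
            continue
        dump = HEX_RE.match(line)
        if dump and ts is not None:
            hex_groups = re.split(r"\t|\s{2,}", dump.group(1), maxsplit=1)[0]
            chunks.append(bytes.fromhex(hex_groups.replace(" ", "")))
    if ts is not None and chunks:
        packets.append((ts, b"".join(chunks)))
    return packets


def to_pcap(packets):
    """Serialise the frames as a classic libpcap file (what Wireshark opens)."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for ts, frame in packets:
        out.append(struct.pack("<IIII", int(ts.timestamp()), ts.microsecond, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def smtp_payloads(packets, port=25):
    """Return [(src, dst, text)] for every TCP segment to or from `port` that
    carries data, so the QUIT / 221 exchange can be read without Wireshark."""
    lines = []
    for _, frame in packets:
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                   # not IPv4 over Ethernet
        ip = 14
        ihl = (frame[ip] & 0x0F) * 4
        ip_len = struct.unpack("!H", frame[ip + 2:ip + 4])[0]
        if frame[ip + 9] != 6:
            continue                                   # not TCP
        tcp = ip + ihl
        sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
        if port not in (sport, dport):
            continue
        data_off = (frame[tcp + 12] >> 4) * 4
        payload = frame[tcp + data_off:ip + ip_len]    # bounded by IP total length, drops Ethernet padding
        if payload:
            src = ".".join(str(b) for b in frame[ip + 12:ip + 16])
            dst = ".".join(str(b) for b in frame[ip + 16:ip + 20])
            lines.append((f"{src}:{sport}", f"{dst}:{dport}", payload.decode("latin-1").rstrip("\r\n")))
    return lines


if __name__ == "__main__":
    pkts = parse_sniffer(SAMPLE)
    with open("fgt_sniffer.pcap", "wb") as fh:       # open this file in Wireshark
        fh.write(to_pcap(pkts))
    for src, dst, text in smtp_payloads(pkts):
        print(f"{src} -> {dst}: {text}")
```

On a real capture, paste the CLI output into a file and pass its contents to parse_sniffer; the pcap header and the SMTP extraction do not depend on the constructed sample.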

 
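The telnet checks in steps 3 and 5 (reach the FortiGate WAN IP on 25 and 443 from outside) can be made repeatable with a small script. The following Python is an added example, not part of this article: check_tcp opens the connection and, for port 25, reads the SMTP greeting and requires a 220 reply, sending nothing to the server; check_mail_ports runs it for both ports. start_fake_smtp is a constructed loopback stand-in for the mail server so the script can be exercised offline; the host name and banner in it are made up.

```python
import socket
import threading


def check_tcp(host, port, timeout=5.0, expect_banner=False):
    """Open a TCP connection to host:port, as `telnet host port` would.

    With expect_banner=True (SMTP on 25) the server greeting is read and must
    start with 220. Returns (ok, detail), where detail is the greeting or the
    failure reason. Nothing is sent to the server."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            if not expect_banner:
                return True, "tcp connect ok"
            sock.settimeout(timeout)
            banner = sock.recv(512).decode("latin-1", "replace").strip()
            return banner.startswith("220"), banner or "connected but no SMTP greeting"
    except OSError as exc:        # refused, timed out, unreachable, name lookup failure
        return False, f"{type(exc).__name__}: {exc}"


def check_mail_ports(host, ports=(25, 443), timeout=5.0):
    """Check each port; only port 25 is expected to send a greeting in clear text."""
    return {port: check_tcp(host, port, timeout, expect_banner=(port == 25)) for port in ports}


def start_fake_smtp(banner=b"220 mail.example.test ESMTP\r\n"):
    """Constructed stand-in for the mail server: accept one loopback connection,
    send `banner`, close. Returns the ephemeral port it listens on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        try:
            with conn:
                conn.sendall(banner)
        except OSError:           # client hung up before reading; fine for a stand-in
            pass
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    # Offline demonstration against the stand-in; against a real deployment use
    # check_mail_ports("<FortiGate WAN IP>") from an external host.
    port = start_fake_smtp()
    ok, detail = check_tcp("127.0.0.1", port, expect_banner=True)
    print(port, "OK" if ok else "FAIL", detail)
```

A False result with "ConnectionRefusedError" or "TimeoutError" on one port and a 220 greeting on the other reproduces the article's symptom (25 working, 443 not) without a packet capture, which is a quick way to confirm the Address Group fix in step 4 before re-testing mail flow.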

Note:

To avoid connectivity issues for users, make sure that the essential Exchange Online addresses are included in the allow-list and that connectivity to these domains is not blocked.

[Image 6: Additional information updates.png]

See Microsoft 365 URLs and IP address ranges.
