Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
oberguru
New Contributor

Blocked port 25 on fortigate 60c

Hello to all members

I have a big problem with the FortiGate blocking port 25, and I hope that someone will be able to help me. Since mail service is crucial for our company, this is a big problem for me.

I have a mail server which is on interface 4 (basically the DMZ interface) with, let's say, address 10.10.10.1. A VIP group is created and contains port forwarding for all necessary services for the mail server: SMTP (25), SMTPS (465), POP3S (995), IMAPS (993), NNTPS (563), HTTPS (443). Users are on interface 1.

Policies are in place:

internal1 --> internal4

internal1 --> WAN2

internal4 --> WAN2

WAN2 --> internal4

    set srcintf "wan2"
    set dstintf "internal4"
    set srcaddr "all"
    set dstaddr "msgroupvip"
    set action accept
    set schedule "always"
    set service "ALL"
    set logtraffic all

where msgroupvip is the VIP group containing port forwarding for all necessary services.

 

The problem is that the FortiGate unit blocks port 25 (SMTP) from my external address (WAN2 interface) to the local interface where the mail server sits (internal4 interface). Because of that my company has been unable to receive any email from external addresses for the past two days. We are able to send email outside and to receive and send email within the company (local traffic). The same issue happened about a month ago. The problem resolved itself without my intervention, and I was unable to determine what caused it. Yesterday the problem arose again: again port 25 on the FortiGate is blocked. All other ports on the VIP that forward traffic to the mail server work without problem. All forwarded ports (SMTPS, HTTPS, NNTPS, IMAPS, POP3S) work as they should, and only the SMTP port is blocked. UTM features are disabled. As far as I know no attack has been detected on our network, and every other service works as it should except the blocked port 25. Following instructions in some other post I even recreated the VIP port forwarding for all ports again, with no result. I even recreated the policy rule for the WAN2 --> internal4 policy with the CLI, with no result.

Firmware version is v5.0, build0305 (GA Patch 10). While we were on firmware 4.0 MR3 we never experienced this problem.

Sorry for the long post, but I have tried to explain the problem in detail.

34 REPLIES
ede_pfau
SuperUser

I totally agree with emnoc.

Enough for a Sunday, at least for me. Good luck tomorrow, I'll be back.

Ede Kernel panic: Aiee, killing interrupt handler!
emnoc
Esteemed Contributor III

Well, I'm glad it all worked out for you. If you have a support contract, you should let Fortinet support know. Maybe something else is a factor with the SMTP 25/tcp stoppage.


PCNSE NSE StrongSwan
emnoc
Esteemed Contributor III

OK, so what did the 5.0.9 downgrade perform?

 

I performed an upgrade from 4.0 MR3 --> 5.0 --> 5.2.1. After that I performed a downgrade to 5.0.9. After that the problem resolved by itself.

 

 

So with the downgrade you still have the same problem? Did you rerun the mxtoolbox test and diag sniffer? If the results are the same (no SYN, no traffic, etc.) then I suspect it's your upstream or something upwind and not your firewall. Your configs look good, and a simple upgrade should not have broken a firewall, and specifically just for one service.


PCNSE NSE StrongSwan
ashukla_FTNT
Staff

If diag sniffer on port 25 doesn't show anything, 99% it is an upstream or ISP issue (doesn't matter what the ISP says). So I believe it is better to concentrate on the 99% instead of concentrating on the 1%.

Do the following to confirm:

1) Unplug the WAN cable from the firewall and plug it into a computer.
2) Disable the personal firewall.
3) Assign the same public IP to the PC.
4) Run Wireshark on the LAN interface of the PC.
5) First do a ping and confirm you can see that traffic in Wireshark.
6) From somewhere on the internet, telnet to the public IP on port 25.
7) If you don't see any packets on port 25 in Wireshark -> call the ISP.
8) If you see port 25 traffic (highly unlikely) in Wireshark -> call Fortinet Support.
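The thread's diagnostic logic (emnoc's "no SYN on the sniffer means upstream", ashukla's "sniff on the WAN side before blaming the firewall") boils down to one question: at which hop does the inbound SMTP SYN disappear? The following added example, which is not part of the original thread and not Fortinet code, parses FortiGate `diagnose sniffer packet any 'tcp port 25' 4` output and answers that question. The sample captures are constructed here and only approximate the verbosity-4 line layout (timestamp, interface, in/out, src.port -> dst.port, TCP flags); the interface names `wan2` and `internal4`, the DMZ host 10.10.10.1 and the public address 198.51.100.10 are assumptions taken from or added to the thread, and the classifier is a hypothetical helper for reading the capture, not a FortiOS feature.

```python
import re

# Constructed sample captures approximating the layout of
# `diagnose sniffer packet any 'tcp port 25' 4` (verbosity 4 prints the
# interface name). "in" = received on that interface, "out" = sent from it.
# 203.0.113.5 / 192.0.2.25 are remote MTAs, 198.51.100.10 is the assumed
# public address of the VIP, 10.10.10.1 the DMZ mail server from the post.
SAMPLE_HEALTHY = """\
interfaces=[any]
filters=[tcp port 25]
0.103421 wan2 in 203.0.113.5.51234 -> 198.51.100.10.25: syn 1111111111
0.103498 internal4 out 203.0.113.5.51234 -> 10.10.10.1.25: syn 1111111111
0.104012 internal4 in 10.10.10.1.25 -> 203.0.113.5.51234: syn 2222222222 ack 1111111112
0.104077 wan2 out 198.51.100.10.25 -> 203.0.113.5.51234: syn 2222222222 ack 1111111112
"""

# Outbound mail still works (SYN leaves via wan2), but no inbound SYN to port 25
# ever arrives on wan2: the ISP/upstream is filtering, as in the thread.
SAMPLE_UPSTREAM_FILTER = """\
interfaces=[any]
filters=[tcp port 25]
0.201233 internal4 in 10.10.10.1.40112 -> 192.0.2.25.25: syn 3333333333
0.201301 wan2 out 198.51.100.10.40112 -> 192.0.2.25.25: syn 3333333333
"""

# SYNs reach wan2 but are never forwarded to internal4: VIP/policy problem.
SAMPLE_FIREWALL_DROP = """\
interfaces=[any]
filters=[tcp port 25]
0.301233 wan2 in 203.0.113.5.51300 -> 198.51.100.10.25: syn 4444444444
0.302233 wan2 in 203.0.113.5.51301 -> 198.51.100.10.25: syn 4444444445
"""

# SYN is DNATed and forwarded, but the mail server never answers.
SAMPLE_SERVER_SILENT = """\
interfaces=[any]
filters=[tcp port 25]
0.401233 wan2 in 203.0.113.5.51400 -> 198.51.100.10.25: syn 5555555555
0.401301 internal4 out 203.0.113.5.51400 -> 10.10.10.1.25: syn 5555555555
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<ifname>\S+)\s+(?P<dir>in|out)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s+(?P<flags>.*)$"
)


def parse_sniffer(text):
    """Yield one dict per packet line; the interfaces=/filters= header is skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        p = m.groupdict()
        p["sport"] = int(p["sport"])
        p["dport"] = int(p["dport"])
        flags = p["flags"].split()
        p["syn_only"] = flags[:1] == ["syn"] and "ack" not in flags
        p["syn_ack"] = flags[:1] == ["syn"] and "ack" in flags
        yield p


def classify_inbound_smtp(text, wan_if="wan2", dmz_if="internal4", dmz_host="10.10.10.1"):
    """Locate where inbound SMTP is lost: 'upstream', 'firewall', 'server' or 'healthy'.

    Only connection attempts *to* port 25 count; the server's own outbound
    SMTP (source port ephemeral, destination 25 on a remote host) is ignored,
    which matches the symptom in the thread: sending works, receiving does not.
    """
    syn_on_wan = syn_to_dmz = synack_from_dmz = 0
    for p in parse_sniffer(text):
        if p["dport"] == 25 and p["syn_only"]:
            if p["ifname"] == wan_if and p["dir"] == "in":
                syn_on_wan += 1                      # reached the firewall
            elif p["ifname"] == dmz_if and p["dir"] == "out" and p["dst"] == dmz_host:
                syn_to_dmz += 1                      # DNATed and forwarded
        elif p["sport"] == 25 and p["syn_ack"] and p["ifname"] == dmz_if \
                and p["dir"] == "in" and p["src"] == dmz_host:
            synack_from_dmz += 1                     # server answered
    if syn_on_wan == 0:
        return "upstream"    # nothing to port 25 arrives on the WAN: ISP/upstream filter
    if syn_to_dmz == 0:
        return "firewall"    # arrives but is not forwarded: VIP, policy or session issue
    if synack_from_dmz == 0:
        return "server"      # forwarded but the mail server does not reply
    return "healthy"


if __name__ == "__main__":
    for name, cap in [("healthy", SAMPLE_HEALTHY), ("upstream", SAMPLE_UPSTREAM_FILTER),
                      ("firewall", SAMPLE_FIREWALL_DROP), ("server", SAMPLE_SERVER_SILENT)]:
        print(f"{name:9s} -> {classify_inbound_smtp(cap)}")
```

Run the sniffer for a few minutes while a remote host (or mxtoolbox) attempts a connection, paste the output into a file and feed it to `classify_inbound_smtp`. Note that a capture with no lines at all also classifies as "upstream", which is exactly the case this thread ended on: the SYN never reached the FortiGate, so no amount of VIP or policy rebuilding on the firewall could have fixed it.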

oberguru

Good news, fellow members.

The problem is solved. After thoroughly reviewing all posts in this thread, the only logical and correct answer was that this mess is the ISP's fault. And it was. During the day a guy from Fortinet contacted me and, after detailed checking, basically confirmed everything that had been written here. I contacted the ISP again and demanded a detailed check of the traffic flow to our company, especially SMTP. Not long after that conversation, email traffic finally flowed.

Apparently they suffered a massive DDoS attack on Thursday late evening and Friday morning and applied all sorts of filters across their network; among other things, all mail servers except their own were blocked. After removing these filters on Friday, our mail server was left behind, still blocked on some rogue device. Immediately after putting our mail server on the correct policy, the problem was solved.

 

Once more I want to say thanks to you all for the tremendous effort to help me. That was priceless.

 

 
