Hey Guys,
I just set up this FortiGate 60C. I upgraded the OS to 5.2. I created a VIP and then created a policy. This is for port 25 and is being used to simply forward port 25 traffic to my mail filter.
I noticed in my message tracking logs that external emails from Office 365 (and other senders) are being proxied by the FortiGate instead of just being NAT'd.
I was not expecting the FortiGate to proxy SMTP traffic inbound (or outbound). How can I disable this? The reason why this is bad is because my Symantec Messaging Gateway thinks inbound emails are now all of a sudden outbound emails, which causes freaky policy issues.
Thanks,
Robert
Hi,
and welcome to the forums.
A VIP only changes the destination address. You probably have enabled 'NAT' in the incoming policy which causes the FGT to NAT the source address as well. Please check this first.
I do have NAT Enabled but that shouldn't cause the Source IP address to change from an External IP to the Firewall's IP. That sounds like proxying to me.
Guys
Any help here? I discovered today that my mail relay has been used as an open relay because the IP address 192.168.1.225 (the FG firewall) is listed as an internal IP (due to it being internal). This caused my relay to think all inbound emails were coming from inside my network.
I then locked down SMTP from anything but my network's external IP address. This also didn't work, due to the firewall once again proxying all traffic from the WAN to port 25 internally.
I can't be the first person to have had this problem, so I am clearly doing something wrong. Can anyone provide assistance here?
Robert
OK, I got this figured out. It was as you had originally suggested: I had NAT enabled in the policy. Previously, most firewalls I worked with either did NAT or route and no other way. If you disabled NAT it was "system wide", not like the FortiGate, which does it policy-based.
Thanks,
Robert
This is what I found for changing flow mode:
http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-whats-new-54/Top_ProxyFlowPerVDOM.htm
I am running OS 5.2 though, so I am not sure if my 60C supports those same options.
Any suggestions here? The email in the screenshot is from Office 365; the message was sent from EOP to my environment. The source IP address should have been a publicly routable address and not 192.168.1.225, which is the internal IP of the firewall.
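A worked example, added here and not taken from the thread or from Fortinet documentation: the port-25 VIP and policy pair the thread describes, in FortiOS CLI form, with the policy-level NAT setting that caused the behaviour beside the corrected one. The interface names, the public IP 203.0.113.10 and the mail filter address 192.168.1.50 are assumed placeholders; 192.168.1.225 is the firewall's internal IP named in the thread.

```fortios
# Added example (not the original poster's config). Assumptions: WAN interface "wan1",
# LAN interface "internal", public IP 203.0.113.10 (placeholder), mail filter at
# 192.168.1.50 (placeholder). 192.168.1.225 is the firewall's internal IP from the thread.

# 1. The VIP: destination NAT only. It rewrites the destination of port-25 traffic
#    arriving on the public IP to the internal mail filter; it never touches the source.
config firewall vip
    edit "vip-smtp-inbound"
        set extip 203.0.113.10
        set extintf "wan1"
        set portforward enable
        set mappedip "192.168.1.50"
        set extport 25
        set mappedport 25
    next
end

# 2. The policy as the original poster had it. With NAT enabled on an inbound VIP
#    policy, the FortiGate also source-NATs every session to the address of the
#    egress interface (192.168.1.225), so the mail filter sees all mail as coming
#    from inside the LAN and applies its internal/outbound and relay rules to it.
config firewall policy
    edit 1
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "vip-smtp-inbound"
        set action accept
        set schedule "always"
        set service "SMTP"
        set nat enable          # cause: source NAT to the internal interface IP
    next
end

# 3. The fix: leave destination NAT to the VIP and turn off source NAT on this policy,
#    so the sender's real public address reaches the mail filter.
config firewall policy
    edit 1
        set nat disable
    next
end

# Check after the change: packets delivered to the mail filter should carry the
# sender's public source address, not 192.168.1.225.
# diagnose sniffer packet internal 'host 192.168.1.50 and port 25' 4
```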