I have a 201F that I am using to replace an old SonicWall. I have a LAN and a DMZ setup. The only server in the DMZ is an SMTP server that I relay application mail off of.
The SMTP server has a software firewall that controls access to only the IPs I want relaying mail. The software firewall reads the incoming source IP to check if the incoming request is allowed to send.
When connected to the current SonicWall, all the traffic comes in to the SMTP server with its source IP. So if a request is from a server at 1.2.3.4 for example, the SMTP server sees IP 1.2.3.4.
When connected to the 201F, all the traffic is coming in not with the source IP, but with the IP of the port from the 201F that the SMTP server is connected to. So all traffic - good and bad - has the same IP. Obviously my SMTP software firewall can't filter what's good and bad when all the IPs are the same.
How can I retain the original IP for the traffic like my SonicWall does?
It looks like you are NAT-ing the traffic. On the Firewall policy that allows incoming traffic to SMTP server (VIP) you have to disable NAT.
That did the trick. Thanks!
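The following added example is not from the thread or from Fortinet: it scans a FortiGate configuration backup for firewall policies whose destination is a VIP and that have `set nat enable`, the condition that makes the DMZ server see the FortiGate interface address instead of the client's. The sample config, policy IDs and function names are constructed for illustration, and it assumes a policy without a `set nat` line has NAT disabled.

```python
import shlex

# Constructed FortiOS config excerpt; names and addresses are made up.
SAMPLE_CONFIG = """
config firewall vip
    edit "smtp-vip"
        set extip 203.0.113.10
        set mappedip "192.168.50.25"
    next
end
config firewall policy
    edit 7
        set srcintf "wan1"
        set dstintf "dmz"
        set dstaddr "smtp-vip"
        set nat enable
    next
    edit 8
        set srcintf "wan1"
        set dstintf "dmz"
        set dstaddr "smtp-vip"
    next
end
"""

def parse_section(config, section):
    """Return {entry name: {option: [values]}} for one top-level config block."""
    entries, current, inside, depth = {}, None, False, 0
    for line in map(str.strip, config.splitlines()):
        if not inside:
            inside = line == f"config {section}"
        elif line.startswith("config "):
            depth += 1          # nested table, e.g. realservers inside a VIP
        elif line == "end":
            if depth == 0:
                break
            depth -= 1
        elif depth == 0 and line.startswith("edit "):
            current = entries.setdefault(line[5:].strip('"'), {})
        elif depth == 0 and line.startswith("set ") and current is not None:
            key, *values = shlex.split(line[4:])
            current[key] = values
    return entries

def policies_hiding_client_ip(config):
    """IDs of policies that forward to a VIP with source NAT enabled."""
    vips = set(parse_section(config, "firewall vip"))
    # Assumption: a policy with no "set nat" line has NAT disabled.
    return [pid for pid, opts in parse_section(config, "firewall policy").items()
            if vips & set(opts.get("dstaddr", [])) and opts.get("nat") == ["enable"]]
```

Any policy ID it returns is one where a host-based allowlist behind the VIP cannot distinguish senders, because every connection arrives from the same address.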
Copyright 2024 Fortinet, Inc. All Rights Reserved.