MikeSmith0007
New Contributor

Need to Keep Source IP for DMZ Traffic to SMTP Server

I have a 201F that I am using to replace an old SonicWall. I have a LAN and a DMZ setup. The only server in the DMZ is an SMTP server that I relay application mail off of.

The SMTP server has a software firewall that controls access to only the IPs I want relaying mail. The software firewall reads the incoming source IP to check if the incoming request is allowed to send.

When connected to the current SonicWall, all the traffic comes in to the SMTP server with its source IP. So if a request is from a server at 1.2.3.4 for example, the SMTP server sees IP 1.2.3.4.

When connected to the 201F, all the traffic is coming in not with the source IP, but with the IP of the port from the 201F that the SMTP server is connected to. So all traffic - good and bad - has the same IP. Obviously my SMTP software firewall can't filter what's good and bad when all the IPs are the same.

How can I retain the original IP for the traffic like my SonicWall does?

1 Solution
ebilcari
Staff

It looks like you are NAT-ing the traffic. On the firewall policy that allows incoming traffic to the SMTP server (VIP), you have to disable NAT.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.

MikeSmith0007

That did the trick. Thanks!
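
An audit check that follows from the accepted answer, added here as an example and not part of the thread: given FortiGate configuration text, it lists the firewall policies whose destination is a VIP and that still have `set nat enable`, the policy setting that makes the DMZ server see the FortiGate's interface IP instead of the client's. The sample config, policy IDs, object names and addresses are constructed, and the function names are hypothetical.

```python
import shlex
# Constructed sample in FortiOS backup syntax; IDs, names and addresses are made up.
SAMPLE_CONFIG = """
config firewall vip
    edit "smtp-vip"
        set mappedip "10.10.10.25"
    next
end
config firewall policy
    edit 10
        set dstintf "dmz"
        set dstaddr "smtp-vip"
        set nat enable
    next
    edit 11
        set dstintf "wan1"
        set dstaddr "all"
        set nat enable
    next
end
"""

def parse_tables(text):
    """Return {table: {entry: {setting: [values]}}} for top-level config tables."""
    tables, stack, entry = {}, [], None
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "end" and stack:
            stack.pop()
        elif len(stack) != 1:
            continue  # inside a nested sub-table (e.g. realservers under a VIP)
        elif tok[0] == "edit":
            entry = tables.setdefault(stack[0], {}).setdefault(tok[1], {})
        elif tok[0] == "next":
            entry = None
        elif tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]
    return tables

def vip_policies_with_nat(text):
    """IDs of policies that forward to a VIP and still have source NAT enabled."""
    tables = parse_tables(text)
    vips = set(tables.get("firewall vip", {}))
    return [pid for pid, pol in tables.get("firewall policy", {}).items()
            if pol.get("nat") == ["enable"] and vips & set(pol.get("dstaddr", []))]

if __name__ == "__main__":
    print(vip_policies_with_nat(SAMPLE_CONFIG))
```

The parser is line-based, so feed it only the output of `show firewall vip` and `show firewall policy` rather than a full backup, which contains multi-line quoted values (certificates, for example) that it does not handle.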
