Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
armando_atanacio
New Contributor

Problems with NAT smtp

Hi! I have problem with my smtp server. I need to migrate my service from box Linux to Fortigate 100E. In this moments i can to access to ports 25 and 465 using Virtual IP. My problem is when the emails get out to a external service. For this i am using IP Pool for using specific external IP and it works but the communication never finishes. Sniffering some traffic a i realized that the source port changes at the moment of comunication over port tcp-25 which is not the case with the port tcp-465. The Policy for output traffic using the IP Pool is the same for twice ports from the internal IP.

[ul]
  • The output external IP is: 187.190.112.103
  • The smtp external is: 187.141.83.210[/ul]

    I attach one image with the traffic.

    Could guide me in solving the problem?

     

  • 2 REPLIES 2
    Mrinmoy
    Staff
    Staff

    can you please share the VIP and firewall-config?

    Mrinmoy Purkayastha
    pminarik
    Staff
    Staff

    Can you highlight what you think is the issue in the screenshot?
    You mentioned source-port change, but that remains 34990 throughout the handshake. Nothing wrong there, the session even ends cleanly with a FIN-ACK exchange.

     

    The random SYN-ACKs to port 31179 are most likely either unrelated, or malicious(?).

     

    Suggestion:

    Check if the traffic flowing through this policy is offloaded. The pattern of packets that we see for the session between ports 34990<->25 (I'm too lazy to write out the IPs, sorry) matches a typical pattern of a session offloaded to NP:

    1, TCP handshake visible (not offloaded, unless doing hyperscale on NP7)

    2, further traffic offloaded (not seen in pcap, assuming no UTM inspection)

    3, FIN-ACK exchange visible in pcap again (any session-closing/interrupting FIN/RST packets gets sent to the kernel again, making it visible in pcaps)

     

    If you're having problems with the traffic, you will need to ensure that offload is disabled, otherwise you won't get a full picture in your packet captures.

    [ corrections always welcome ]
    Top Kudoed Authors