I'm installing 300E units to replace our 5525-X ASAs. Things have been going along well, but I'm having trouble getting email traffic to flow through the 300E. For example, let's say our cable modem address is 1.1.1.1 and attached to that is a block of CIDR addresses dished out on that to us by the cable company. And let's also say that our outside email address (from that CIDR block) is 3.4.4.4.
The cable company routes the CIDR addresses to the cable modem address.
The cable modem is plugged into a port defined as wan named outside-pri (cable modem address 1.1.1.1).
The FortiGate 300 has a port defined as lan named cidr (a /27 block of addresses).
The FortiGate 300 has a port defined as lan named dmz (IP of 10.53.0.1 on a 10.53.0.0/24 network).
In this scenario, there is an external FortiGate 300E and an internal FortiGate VM.
Barracuda processes our outside email, so a certain range of addresses is allowed into the FortiGate 300 from Barracuda.
The way the email flows through the ASA now is that email comes in on the allowed Barracuda address range, which sends the emails to the CIDR address, which is 3.4.4.4, and that is NATted to 10.53.0.41 on the dmz port. The FortiGate VM then sees the 10.53.0.41 address on its dmz port and then NATs in to our internal email server for processing.
I've duplicated that scenario on the new FortiGate 300E and the email traffic never hits the policy to allow email in.
Instead, the email flow hits the explicit deny all policy and never gets processed.
In examining the FortiAnalyzer to see what happens, I see the Barracuda inbound address sending to our public IP email address and then see that email address 3.4.4.4 NATted to the 10.53.0.41 as I would expect it to be. I see the source interface in the FortiAnalyzer defined as WAN and the destination interface defined as root with an interface role of undefined, processing SMTP as a service as we would expect.
Is the interface named root and the role as undefined causing the traffic flow to go to the explicit deny?
Any helpful information would be appreciated.
Thank you.