i have 2 smtp servers which is load balanced into one single ip single ip address.
we noticed that once we use the VIP for the smtp servers after doing load balancing in the fortigate, we will encounter some issues.
1st issue we saw was that instead of using the pre-assigned external ip address for smtp server, it will show the firewall wan ip address.
2nd issue is some mails will have issue sending out.
does fortigate load balance VIP supports smtp ?
i read the fortiOS handbook, it only talks abt http, there is no mention that smtp will work.
There are various levels of persistence and methods of load balancing. You're not tied to just using HTTP traffic.
Check the setting of 'nat-source-vip' on the VIP object, and try toggling it:
config firewall vip
edit <vip_name>
get | grep nat-source-vip
set nat-source-vip {enable | disable}
end
Regards, Chris McMullan Fortinet Ottawa
Hello there
Did you solve your problem? Having the same issue here.
If we connect to the Load Balancing Virtual IP, the Firewall responds with it's own Interface IP instead of the client IP. This is a bit of a problem, because we would like to only allow relay from specific IP addresses.
Thanks
reto.gobat wrote:Hi,Hello there
Did you solve your problem? Having the same issue here.
If we connect to the Load Balancing Virtual IP, the Firewall responds with it's own Interface IP instead of the client IP. This is a bit of a problem, because we would like to only allow relay from specific IP addresses.
Thanks
I think you have NAT enabled on the firewall of the VIP ? If so, turn it off.
If it´s enabled, you would see the firewalls IP instead, just like you described it.
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
No we have NAT disabled on the VIP and also the FW Policy. But it will still show the IP of the FW Interface.
I know it's an old one but... I think that the chance to preserve client IP address is available only with multiplexing if you're load balancing HTTP/HTTPS type (and not the TCP one you have to use in order to balance SMTP session).
kinmun were you able to resolve the issue?
Mike Pruett
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1735 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.