Overview
- In the previous article, I showed you how to configure Outlook Everywhere so that users can log in to their mailboxes with Outlook on the local network.
- In this article, I will show you how to configure the rules and the necessary port NAT on the Sophos Firewall and the modem so that external users (Gmail, Yahoo Mail…) can send mail to the mail server.
Diagram
- In the diagram, we have 1 modem running PPPoE, 1 Sophos XG Firewall with WAN IP 172.16.31.100/24 and LAN IP 172.16.16.1/24, 1 server with IP 172.16.16.20, and a local computer.
- The server and the local computer are both in the LAN area.
Create rule and NAT port on Sophos XG Firewall
Create Rule
We will create 3 rules:
- MailServer to WAN: This rule allows the mail server to access the internet (LAN > WAN).
- NAT MAIL SERVICE: This rule implements the necessary NAT ports for the email service.
- Inbound mail: Allows routing of SMTP traffic to the email server for scanning by Email Scanning Rules.
We will create the rules using the following parameters.
MailServer to WAN
- Log in to the Sophos Firewall GUI with the Administrator account.
- Go to Firewall > Add Firewall Rule > User/Network Rule to create the rule.
- Next, fill in the parameters as shown below.
NAT MAIL SERVICE
- Go to Firewall > Add Firewall Rule > Business Application Rule to create the rule.
- In Application Template, select DNAT/Full NAT/Load Balancing.
- Next, fill in the parameters as shown below.
Inbound mail
- Go to Firewall > Add Firewall Rule > Business Application Rule to create the rule.
- In Application Template, select Email Servers (SMTP).
- Next, fill in the parameters as shown below.
Add MailServer to Sophos
- Go to Email > General Settings and press Switch to Legacy Mode.
- Scroll down to the SMTP Settings section, enter the email server name mail.trungnghia.xyz in SMTP Hostname, and click Apply.
Allow SMTP Relay and DNS for LAN, WAN zone
- Go to Administration > Device Access and check SMTP Relay and DNS for the LAN and WAN zones.
NAT port on Modem
- Log in to the modem's GUI with Administrator rights.
- Configure the necessary port NAT as shown below.
Result
- We will use a Gmail account to send an email to the Adam account.
- Open the Adam account and check the inbox; you will see that the email has been delivered to the Adam account.
- We can also check on the Sophos XG Firewall: log in to the Sophos XG Firewall GUI, click Log Viewer, select Email from the drop-down menu, and check the log.
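The inbound path can also be checked from a host outside the network, which is useful because SMTP Relay is enabled for the WAN zone. The script below is an added example, not part of the original article: it reads the SMTP greeting, confirms that a local recipient is accepted and that a recipient in a foreign domain is refused, and sends no message. The mailbox address adam@trungnghia.xyz, the probe addresses under example.net, and the function and parameter names are assumptions.

```python
import smtplib

def check_inbound_smtp(host, expected_name, port=25,
                       local_rcpt="adam@trungnghia.xyz",  # assumed mailbox address
                       foreign_rcpt="probe@example.net",  # constructed outside recipient
                       timeout=10, smtp_factory=smtplib.SMTP):
    """Probe the forwarded SMTP port. Each RCPT is followed by RSET, so no mail is sent."""
    result = {"reachable": False, "banner_ok": False,
              "accepts_local": False, "open_relay": False}
    try:
        with smtp_factory(timeout=timeout) as smtp:
            code, banner = smtp.connect(host, port)
            result["reachable"] = True
            if code != 220:
                return result  # port answers, but the service refused the session
            # The greeting should carry the SMTP Hostname set on the firewall.
            text = banner.decode(errors="replace").lower()
            result["banner_ok"] = expected_name.lower() in text
            smtp.ehlo("probe.example.net")
            for key, rcpt in (("accepts_local", local_rcpt),
                              ("open_relay", foreign_rcpt)):
                smtp.mail("probe@example.net")
                code, _ = smtp.rcpt(rcpt)
                result[key] = code in (250, 251)
                smtp.rset()  # discard the envelope before the next probe
    except OSError:
        pass  # refused, timed out or dropped mid-session: keep what was learned
    return result

if __name__ == "__main__":
    name = "mail.trungnghia.xyz"
    for check, value in check_inbound_smtp(name, name).items():
        print(f"{check}: {value}")
```

A healthy result is reachable, banner_ok and accepts_local all True with open_relay False; if open_relay is True, the relay settings should be reviewed before the port stays published.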