Watchguard Firebox Firewall Help

TeKniques Member Posts: 1,262
Does anyone have experience setting up and configuring Watchguard Firebox Firewalls? Specifically the Firebox III/700 model.

I am having a problem that some domains, e.g. hotmail.com, are not coming through the SMTP proxy. I don't understand it, Yahoo.com, Gmail.com come through just fine. Everyone else gets an NDR saying the mailbox isn't available or something about a Chunk size.

I have googled, called Watchguard (So painful .. language barrier), and browsed blogs, whatever else. I have upgraded the firmware of the firewall, Watchguard wants me to create a 1 to 1 NAT, but I don't see why I need to do that.

I am running Exchange Server 2003 SP2 on Windows Server 2003 behind the firewall, but the mail is not hitting the Exchange server. I am 100% positive the firewall is blocking the emails. I have checked the Exchange server settings and made absolutely sure that hotmail is not being blocked. It isn't just hotmail anyways, it's others as well. Anyways, I've tried everything else, I figured I would post here to see if anyone has any ideas that I could try.

Thanks in advance.

Comments

  • rossonieri#1 Member Posts: 799
    Hello,

    I'm not sure about the question: web mail or SMTP? Because "hotmail, yahoo etc." can be web mail or SMTP/POP.
    If you are 100% positive about the FW blocking the MX, you should find it in your FW log. And how can Yahoo and Gmail work fine?
    1 on 1 NAT could be a map translation to your inside MX only, not 1 on 1 to clients, and that should be no problem at all.
    Or you might check the DNS, internal and external.
    And the last thing is that a lot of people say that hotmail is not proxy-friendly.

    Cheers..
    the More I know, that is more and More I don't know.
  • TeKniques Member Posts: 1,262
    Well, I figured out what the problem was. First, rossonieri#1 thanks for the reply and your suggestion of DNS turned out to be part of the problem.

    I was incredibly pissed about this because there was absolutely no help online about this particular problem I was having. Watchguard was not very helpful because I kept asking myself ... Does everyone with a Firebox III/700 have to configure 1 to 1 NAT to get hotmail to come through? The answer is most resoundingly NO!

    Turns out my MX reverse DNS record was screwed with the ISP. Instead of resolving like: my.ip.add.ress to mail.mydomain.com, it was resolving my.ip.add.ress to in.addr.arpa.something.ress.add.ip.my

    So I had my ISP change the reverse DNS record and then I got rid of the worthless SMTP proxy service that comes with the Firebox and set up an SMTP filter and let the Exchange server handle all of the ESMTP requests.

    Voila! Problem solved after weeks of pain and horrendous phone calls to Pakistan or wherever the hell I called.
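
An added example, not part of the original posts: a forward-confirmed reverse DNS check for a mail server's public IP, covering the PTR mismatch described in the post above. The address 192.0.2.25, the host names and the sample records are constructed, and the lookup functions are injectable so the check also runs offline.

```python
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_a(hostname):
    """IPv4 addresses for hostname from the system resolver."""
    try:
        return socket.gethostbyname_ex(hostname)[2]
    except OSError:
        return []

def check_mail_rdns(ip, expected_host, ptr_lookup=system_ptr, a_lookup=system_a):
    """Return a list of problems; an empty list means PTR and A records agree."""
    norm = lambda n: n.rstrip(".").lower()
    ptr_names = [norm(n) for n in ptr_lookup(ip)]
    if not ptr_names:
        return [f"no PTR record for {ip}"]
    problems = []
    if norm(expected_host) not in ptr_names:
        problems.append(f"PTR for {ip} is {ptr_names}, expected {expected_host}")
    # Forward confirmation: each PTR name must resolve back to the same IP.
    for name in ptr_names:
        if ip not in a_lookup(name):
            problems.append(f"{name} does not resolve back to {ip}")
    return problems

# Constructed records: an ISP-generic PTR (broken) and the corrected PTR.
BROKEN_PTR = {"192.0.2.25": ["25.2.0.192.in-addr.arpa.isp.example."]}
FIXED_PTR = {"192.0.2.25": ["mail.example.com."]}
SAMPLE_A = {"mail.example.com": ["192.0.2.25"]}

if __name__ == "__main__":
    for label, ptr in (("before ISP fix", BROKEN_PTR), ("after ISP fix", FIXED_PTR)):
        result = check_mail_rdns(
            "192.0.2.25", "mail.example.com",
            ptr_lookup=lambda ip: ptr.get(ip, []),
            a_lookup=lambda h: SAMPLE_A.get(h, []),
        )
        print(label, "->", result or "consistent")
```

Called with only the IP and expected host name, it uses the system resolver instead of the sample records.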
  • rossonieri#1 Member Posts: 799
    great to help you, TeKniques

    Here, I have some new problems also.
    A lot of my customers are confused about their new cable connection, for which the ISP gave them 3 dynamic IP addrs - what for??
    Suppose you do NAT - that won't do much help either, weird??

    Cheers...
    the More I know, that is more and More I don't know.