Profile Picture

IMail server behind firewall

Posted By Dr.MohM Last Year
You don't have permission to rate!
Author
Message
Dr.MohM
Posted Last Year
View Quick Profile
Forum Guru

Forum Guru (54 reputation)Forum Guru (54 reputation)Forum Guru (54 reputation)Forum Guru (54 reputation)Forum Guru (54 reputation)Forum Guru (54 reputation)Forum Guru (54 reputation)Forum Guru (54 reputation)Forum Guru (54 reputation)

Group: Forum Members
Last Active: Last Year
Posts: 36, Visits: 143
Hi,
I need your help

Currently we have IMail server with public IP x.x.x.x and we want this server to be secured by a firewall as follow:

* Firewall IP address will be x.x.x.x (the mx record)

* IMail server IP address will be a virtual LAN IP address I.e 192.168.1.2

* on IMail server,  primary domain  IP address should be changed to be 192.168.1.2

* Port forword (mapping) on firewall for the services (SMTP, POP3, IMAP, HTTP, HTTPS)

Will this solution work?
Do I mess something?
Is there a better deployment scenario?

Thanks




Dr.Mohm
Mike Barber
This post has been flagged as an answer
Posted Last Year
View Quick Profile
Time Traveler

Time Traveler (649 reputation)Time Traveler (649 reputation)Time Traveler (649 reputation)Time Traveler (649 reputation)Time Traveler (649 reputation)Time Traveler (649 reputation)Time Traveler (649 reputation)Time Traveler (649 reputation)Time Traveler (649 reputation)

Group: Administrators
Last Active: Yesterday
Posts: 478, Visits: 19.3K
Yes, this will work. I have a few servers configured this way.

Mike Barber
Senior Software Developer
Ipswitch, Inc
Dr.MohM
Posted Last Year
View Quick Profile
Forum Guru

Forum Guru (54 reputation)Forum Guru (54 reputation)Forum Guru (54 reputation)Forum Guru (54 reputation)Forum Guru (54 reputation)Forum Guru (54 reputation)Forum Guru (54 reputation)Forum Guru (54 reputation)Forum Guru (54 reputation)

Group: Forum Members
Last Active: Last Year
Posts: 36, Visits: 143
Thanks,
Any drawbacks for this solution?

Is there better approach ?

Should I open a ticket with technical support?

Please advice

Dr.Mohm
Mike Barber
This post has been flagged as an answer
Posted Last Year
View Quick Profile
Time Traveler

Time Traveler (649 reputation)Time Traveler (649 reputation)Time Traveler (649 reputation)Time Traveler (649 reputation)Time Traveler (649 reputation)Time Traveler (649 reputation)Time Traveler (649 reputation)Time Traveler (649 reputation)Time Traveler (649 reputation)

Group: Administrators
Last Active: Yesterday
Posts: 478, Visits: 19.3K
The only drawback is messages addresses to addr@YOUR.PUBLIC.IP.ADDRESS will no longer be accepted. However this is an extreme edge case as no one really addresses messages in this way except for testing purposes. The workaround for this is to add your public IP in the domain aliases field.

Better approach - not aware of one. There are other ways like what the Cisco PIX used to do where it played middle man and inspected the commands being sent but that causes other issues.
This all depends on what your goals are, and what networking security gear you have available, and your budget.

Open a ticket - for what purpose?

Mike Barber
Senior Software Developer
Ipswitch, Inc
Dr.MohM
Posted Last Year
View Quick Profile
Forum Guru

Forum Guru (54 reputation)Forum Guru (54 reputation)Forum Guru (54 reputation)Forum Guru (54 reputation)Forum Guru (54 reputation)Forum Guru (54 reputation)Forum Guru (54 reputation)Forum Guru (54 reputation)Forum Guru (54 reputation)

Group: Forum Members
Last Active: Last Year
Posts: 36, Visits: 143
Thanks MIKE,
Your answers is more than enough for me.

Thanks again,  I really appreciate your help.

Dr.Mohm


Similar Topics


Reading This Topic