If you go to the DMZ host tab is the Exchange server IP defined in the Default Server field? If not then you'll need to create a NAT rule (port forwarding) to allow the SMTP traffic through, it should match your firewall policy. If you have the Exchange server specified as the DMZ host then I believe you do not need a NAT (PF) rule and instead you should define a WAN to DMZ firewall rule.
IIRC the screenshot you had for the second policy didn't have a destination IP specified. Since traffic flow is from outside any to a specific inside device it needs to be defined. HTH. From: [email protected] [mailto:[email protected]] On Behalf Of Gavin Wilby Sent: Wednesday, May 13, 2015 12:59 AM To: '[email protected]' Subject: [NTSysADM] RE: Zxyel Routers Hi, Having now played with it, to allow any, then you have to leave the fields blanks, it wont accept 0.0.0.0 or "any". What it need to be able to do, is allow a VPN in from a single IP address, but allow the Exchange box that's on the same network to accept SMTP traffic from anywhere on the Internet. Gavin Wilby IT Support Engineer From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Neil Standley Sent: 12 May 2015 16:41 To: [email protected]<mailto:[email protected]> Subject: [NTSysADM] RE: Zxyel Routers FYI, Zyxel support, while not great is free for the life of the product. To echo Richard's request, which device and firmware are you supporting? The first rule looks like it should work, are you able to establish a connection to the PPTP server? For the second rule, it looks like you're trying to allow the PPTP user to send email through some server, where does that SMTP server live in respect to the PPTP server? On the same LAN segment, or somewhere else? If the SMTP server is on the same LAN then once the PPTP user is connected they should be able to talk to it. Of course this depends on how your other rules are configured. ANY should be defined as either ANY or 0.0.0.0/0.0.0.0 Neil From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Gavin Wilby Sent: Tuesday, May 12, 2015 1:40 AM To: '[email protected]' Subject: [NTSysADM] Zxyel Routers Hi, I have a Zyxel router at a small remote site and need to set up some rules to allow/ deny access to services behind it. The manual for the router is shocking and although describes where the firewall is, doesn't explain the way that it should be configured. Does anyone have any experience of these at all and can confirm the following: This only allows PPTP from a single IP address to the VPN server on the other side. [cid:[email protected]] [cid:[email protected]] And this allows SMTP traffic in from anywhere. [cid:[email protected]] [cid:[email protected]] Or, should the "anywhere rule" be notated as 0.0.0.0 / 0.0.0.0? Gavin Wilby IT Support Engineer SMP Partners Ltd Clinch's House, Lord Street, Douglas, Isle of Man IM99 1RZ Tel +44 1624 682214 Mob +44 7624 480575 [email protected]<mailto:[email protected]> www.smppartners.com<http://www.smppartners.com/> A member of the SMP Partners Group of Companies SMP Partners Limited, SMP Trustees Limited and SMP Fund Services Limited are licensed by the Isle of Man Financial Supervision Commission. SMP Accounting & Tax Limited is a member of the ICAEW Practice Assurance Scheme. SMP Partners Limited registered in the Isle of Man, Company Registration No: 000908V Directors: M.W. Denton, M.J. Derbyshire, P.N. Eckersley, S.E McGowan, O. Peck, J.J. Scott, S.J. Turner SMP Trustees Limited registered in the Isle of Man, Company Registration No: 068396C Directors: A.C. Baggesen, M.W. Denton, O. Peck, J.J. Scott, J. Watterson, J. Cubbon SMP Fund Services Limited registered in the Isle of Man, Company Registration No: 120288C Directors: V. Campbell, M.W. Denton, P.N. Eckersley, D.A. Manser, S.E McGowan, O. Peck, J.J. Scott, R.K. Corkill SMP Accounting & Tax Limited registered in the Isle of Man, Company Registration No: 001316V Directors: I.F. Begley, A.J. Dowling, P. Duchars, P.N. Eckersley, J.J. Scott, S.J. Turner SMP Capital Markets Limited registered in the Isle of Man, Company Registration No: 002438V Directors: M.W. Denton, M.J. Derbyshire, D.F Hudson, S.E McGowan, O. Peck, J.J. Scott. SMP Partners Limited, SMP Trustees Limited, SMP Fund Services Limited, SMP Accounting & Tax Limited and SMP Capital Markets Limited are members of the SMP Partners Group of Companies. This email is confidential and is subject to disclaimers. Details can be found at: http://www.smppartners.com/disclaimer.html ______________________________________________________________________ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com ______________________________________________________________________ ______________________________________________________________________ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com ______________________________________________________________________
