Configuring a NetScreen Firewall for an Internal SMTP Server
These are the steps to configure a NetScreen firewall that is performing Network Address Translation (NAT) so that email can be sent to and from an internal email server by systems outside the firewall. The steps use the web-based interface to the firewall. They presume that the external IP address, i.e. the address on the untrust side of the firewall, is 10.0.186.50 and that the IP address of the email server on the inside of the firewall is 192.168.0.5.
- Click on Network.
- Click on Interfaces.
- Click on Edit for the untrust interface.
- Click on VIP.
- Click on the New VIP Service button.
- Put the following values in the fields shown:
| Virtual IP | 10.0.186.50 (the actual address for the untrust side of your firewall should appear here) |
| Virtual Port | 25 |
| Map to Service | SMTP (25) or MAIL (25) [select one from the list] |
| Map to IP | 192.168.0.5 (the actual address for the internal email server should be placed here) |
| Server Auto Detection | |
- Click on OK.
- Click on Policies.
- For From, select Untrust and for To, select Trust.
- Click on the New button.
- Put the following or similar information, depending on your configuration, in the fields shown:
| Name (optional) | SMTP (or whatever name you wish to use) |
| Source Address | Address Book Entry: Any |
| Destination Address | Address Book Entry: VIP (untrust) or VIP::1 |
| Service | Mail or SMTP |
| Application | None |
| Action | Permit |
If you want to turn on logging for this traffic, check the Logging
checkbox. If you want to have a counter as well for the traffic, click
on the Advanced button and check the checkbox for Counting.
- Click on OK to save the settings.
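To confirm the VIP and policy work, the following check can be run from a system outside the firewall: it connects to port 25 on the untrust address, reads the SMTP greeting, and lists the extensions the mail server advertises. This is an added example, not part of the original page; the function names and the EHLO name vip-check.example are assumptions.

```python
import socket

def read_reply(f):
    """Read one SMTP reply (possibly multi-line); return (code, [text lines])."""
    lines = []
    while True:
        raw = f.readline()
        if not raw:
            raise ConnectionError("connection closed mid-reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError(f"not an SMTP reply: {line!r}")
        lines.append(line[4:])
        # "250-..." means more lines follow; "250 ..." ends the reply
        if line[3:4] != "-":
            return int(line[:3]), lines

def check_vip_smtp(host, port=25, helo_name="vip-check.example", timeout=10):
    """Connect to the VIP and confirm an SMTP server answers behind it."""
    result = {"reachable": False, "banner": None, "extensions": []}
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            f = s.makefile("rb")
            code, text = read_reply(f)
            result["banner"] = text[0] if text else ""
            if code != 220:          # anything but a 220 greeting is a failure
                return result
            result["reachable"] = True
            s.sendall(f"EHLO {helo_name}\r\n".encode("ascii"))
            code, text = read_reply(f)
            if code == 250:          # first line is the server name, rest are extensions
                result["extensions"] = [t.split()[0].upper() for t in text[1:] if t]
            s.sendall(b"QUIT\r\n")
            read_reply(f)            # expect 221
    except (OSError, ValueError) as e:
        # refused, timed out or non-SMTP answer: VIP or policy is not passing mail
        result["error"] = str(e)
    return result

if __name__ == "__main__":
    # 10.0.186.50 is the page's example untrust address; substitute your own
    print(check_vip_smtp("10.0.186.50"))
```

A refused or timed-out connection points at the VIP entry or the Untrust-to-Trust policy; a greeting other than 220 points at the mail server itself.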
Created: Sunday, April 12, 2009