Configuring a NetScreen Firewall for an Internal SMTP Server

Steps to take to configure a NetScreen firewall that is performing Network Address Translation (NAT) to allow email to be sent from and to an internal email server from systems outside the firewall. The steps apply to using the web-based interface to the firewall. The steps presume that the external IP address, i.e. the address on the untrust side of the firewall, is and that the IP address of the email server on the inside of the firewall is
  1. Click on Network.
  2. Click on Interfaces.
  3. Click on Edit for the untrust interface.
  4. Click on VIP.
  5. Click on the New VIP Service buton.
  6. Put the following values in the fields shown:

    Virtual IP10.0.186.50 (the actual address for the untrust side of your firewall should appear here)
    Virtual Port25
    Map to Service SMTP (25) or MAIL (25) [select one from the list]
    Map to IP192.168.0.5 (the actual address for the internal email server should be placed here)
    Server Auto Detection 16x16 checkbox

  7. Click on OK.
  8. Click on Policies.
  9. For From, select Untrust and for To select Trust.
  10. Click on the New button.
  11. Put the following or similar information depending on your configuration in the fields shown.

    Name (optional)SMTP (or whatever name you wish to use)
    Source AddressAddress Book Entry: Any
    Destination AddressAddress Book Entry: VIP (untrust) or VIP::1
    ServiceMail or SMTP

    If you want to turn on logging for this traffic, check the Logging checkbox. If you want to have a counter as well for the traffic, click on the Advanced button and check the checkbox for Counting.

  12. Click on OK to save the settings.


TechRabbit ad 300x250

Justdeals Daily Electronics Deals1x1 px