06-15-2012 02:12 AM - edited 03-11-2019 04:19 PM
Hi All :
Please see the picture of my client's email access in the attached file. Email access from the DMZ zone of the RTDB firewall to the Edge Network mapped IP address fails.
The funny thing is that access from part of the network is OK, as indicated separately: from Servers Network to Edge, from MIS Network to Edge, and also from DMZ to MIS.
The problem only happens with the required result, from DMZ to Edge.
What is the possible problem? Can anyone help, and is any information needed in order to help with this case?
Thanks and best regards,
tangsuan
06-15-2012 06:18 AM
Hi all :
Look at the inside network of PP external firewall and the MIS (outside) network of RTDB Firewall, they are separated by MIS switch.
The security level of the inside network of the PP external firewall is 100 and the security level of the MIS (outside) is 0. Although they are separated into two VLANs, there is inter-VLAN routing between them by the switch.
Is it necessary to set these two networks to the same security level so that the traffic can flow properly between the two VLANs?
Please advise.
Besides that, are there any other concerns with this design?
Many thanks!
best regards,
tangsuan
06-18-2012 01:01 AM
Hi all :
I badly need help with this email access. In this design, I have loosened the access between the Outside (MIS) and DMZ of the RTDB firewall, as below:
access-list DMZ-IN extended permit ip 10.30.30.0 255.255.255.0 any
access-list MIS-IN extended permit ip any 10.30.30.0 255.255.255.0 <--- this applies from Outside of RTDB firewall access to the DMZ
This morning I also tried to set the security level of the MIS to 80 and the security level of the MIS to 50 so that the MIS security level is the same as the Inside network of the PP External firewall.
The result of telnet 172.16.1.106 25 is still the same -- cannot work.
The MIS switch is a 3Com switch, which could be a problem. I will look for a way to bypass the switch and test again.
Does anybody have any suggestions on this problem?
Thanks!
06-21-2012 01:46 AM
Hi all :
This problem has been resolved after a lot of access rules were added and modified.
The access rules have to be cleared first, and then the station has to open port 25 in the anti-virus software. One sentence can describe the whole problem, but it needs days to do the job.
This discussion is closed.
Thanks and best regards,
tangsuan