09-23-2013 08:48 AM - edited 03-11-2019 07:42 PM
All,
We have a customer using an Ironport C170 Email firewall device. It seems the Ironport proxies Email traffic to the configured MTA using its own source IP instead of the client IP address. This is causing an issue for our customer as they need to be able to filter and do some post processing based on source IP. I am totally unfamiliar with the Ironport series as we do not use them here and searches do not reveal a way to have the Ironport preserve the source address. Could anyone more familiar with this device enlighten me on if source preservation is possible with this. Seems to be a true proxy device so I am not sure there is a way but thought I would throw it to the experts to be sure. Thanks in advance for replies.
09-25-2013 12:16 PM
Hi,
As soon as the ESA recieves the traffic from the email server will be processed and then it will be send using its interface IP address. What is the source IP address that should be preserved? What device owns it?
Regards,
Luis Silva
"If you need PDI (Planning, Design, Implement) assistance feel free to reach us"
http://www.cisco.com/web/partners/tools/pdihd.html
09-26-2013 08:29 AM
Thanks for the reply. I should have been more clear. So for connections inbound from Internet clients, it seems the source IP is that of the C170 from the perspective of the Email server. Connection path would look like this:
client-------->C170--------->Email Server
For these connections, when the connection goes from the C170 to the Email server, the source IP is changed from that of the client, to that of the C170 because I believe the connection is actually being proxied. I would like to know if there is some configuration that would allow the source IP (in this case the clients source IP) to be preserved when the connection is sent to the Email server. Some sort of transparent proxy option perhaps? I really do not know anything about this C170 device, but things I read do not seem to indicate there is a way to do this. Just trying to see if anyone can confirm. Thanks.
11-11-2013 08:19 AM
Anyone......I have a hard time believing this has never come up before. I know the Barracuda devices can do this somehow. Again, I am not at all familiar with Ironport gear so I am at a disadvantage here. Any help would be great. Thanks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide