How to force SMTP out of a different external IP address

Greetings. M4600. WSM and Fireware 12.5.2. Currently, mail from an internal trusted server goes out of our "outbound" connection using its external interface. How do I create a rule that changes this external interface? The current external interface is being shared by many other groups that are suffering the consequences of our mail server sending out thousands of emails. I'd like for my team, my users (not this mail server in question) to use a different external interface to send out email. Can this be done?

My mail server's "external interface" is being shared by my regular users. I'd like to either move my mail server's external IP to a different one that I have, or move my users and have them send mail out of a different external IP address.

Help. Hoping that I explained this properly and that it can be done.


  • Options

    If you have multiple external interfaces, you need to use SD-WAN on the outgoing SMTP policy to select the external interface to use which has the public IP addr that you want to use for that outgoing SMTP.

    If you have multiple public IP addrs on this external interface, add a Dynamic NAT entry From: the private IP addr of the SMTP server To: the public IP addr that you want to use for that outgoing SMTP

  • Options

    Thank you Bruce! I already have an incoming SMTP proxy that reads from internal source IP to an SNAT (public IP to private IP). See attached file https://ibb.co/3hRNrzN. Do I add the Dynamic NAT entry here in this rule or do I create a new rule entirely?

    If new rule, will it be from public IP to internal source IP, and adding the Dynamic NAT entry?

  • Options
    edited May 2020

    Add it as a Network -> NAT -> Dynamic NAT entry

    This should affect outgoing packets from the From: IP addr and NAT them to the To: public IP addr

  • Options

    Awesome! Thank you. It now looks like this https://ibb.co/gRXTrNs. I will test.
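
One way to test the Dynamic NAT change discussed above, as an added example that is not part of the original thread: send a message to a mailbox at an outside provider, save its raw source, and read the peer address that the receiving MX stamped in its `Received` header. The host names, addresses and the sample message are constructed for illustration; `mx.receiver.example` stands for whatever host appears after `by` in the top external hop.

```python
import email
import ipaddress
import re

# Peer address as the receiving MTA records it, e.g. "(host [203.0.113.25])".
PEER_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
BY_RE = re.compile(r"\bby\s+([^\s;]+)", re.I)

def egress_ip(raw_message, receiving_mx):
    """Return the source IP the receiving MX saw for this message, or None."""
    msg = email.message_from_string(raw_message)
    for header in msg.get_all("Received", []):      # newest hop first
        text = " ".join(header.split())              # unfold continuation lines
        by = BY_RE.search(text)
        if not by or by.group(1).lower() != receiving_mx.lower():
            continue                                 # hop stamped by another host
        # Only the "from ..." clause describes the connecting peer.
        for candidate in PEER_RE.findall(text[: by.start()]):
            try:
                return ipaddress.ip_address(candidate)
            except ValueError:
                continue                             # bracketed text was not an IP
    return None

def verify_egress(raw_message, receiving_mx, expected_ip):
    """Return (seen_ip, matches) for the public IP the NAT entry should use."""
    seen = egress_ip(raw_message, receiving_mx)
    return seen, seen == ipaddress.ip_address(expected_ip)

# Constructed sample: a test message as stored by the outside mailbox.
SAMPLE = (
    "Received: from mail.example.org (mail.example.org [203.0.113.25])\n"
    "\tby mx.receiver.example with ESMTPS id abc123;\n"
    "\tMon, 04 May 2020 10:00:02 +0000\n"
    "Received: from [10.0.1.20] (app01.internal [10.0.1.20])\n"
    "\tby mail.example.org with ESMTP id def456;\n"
    "\tMon, 04 May 2020 10:00:01 +0000\n"
    "From: test@example.org\n"
    "To: probe@receiver.example\n"
    "Subject: NAT egress test\n"
    "\n"
    "test body\n"
)

if __name__ == "__main__":
    # 203.0.113.25 is the constructed "new" public IP for the mail server.
    print(verify_egress(SAMPLE, "mx.receiver.example", "203.0.113.25"))
```

A mismatch means the outgoing SMTP traffic is still being translated to the shared address rather than the one in the new Dynamic NAT entry.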
