SNAT over BOVPN
We currently have an email server (192.168.100.100) behind a FireboxV in the cloud.
We also have a static IP on our onsite location.
I would like to configure the onsite IP as a second mx.
Both Networks are connected via a BOVPN Vif.
I have created a SNAT onsite with:
From: 126.96.36.199 (onsite IP)
To: 192.168.100.100 (email server behind BOVPN Vif)
Now when a mail comes, the FireboxV gets this log message:
2023-08-10 08:24:48 Deny 188.8.131.52 192.168.100.100 smtp/tcp 60188 25 BOVPN-1 Firebox ip spoofing sites 52 64 (Internal Policy) proc_id="firewall" rc="101" msg_id="3000-0148" tcp_info="offset 8 S 2647386282 win 43690" Traffic
It's denied because of spoofing, which makes sense.
The only solution I found was to disable IP spoofing.
Setup -> Default Packet Handling -> Drop Spoofing Attacks
But is there a better solution?