We currently have an email server behind a FireboxV in the cloud.
We also have a static IP on our onsite location.

I would like to configure the onsite IP as a second MX.

Both Networks are connected via a BOVPN Vif.

I have created a SNAT onsite with
From: (onsite IP)
To: (email server behind BOVPN Vif)

Now when a mail comes in, the FireboxV gets this log message:
2023-08-10 08:24:48 Deny smtp/tcp 60188 25 BOVPN-1 Firebox ip spoofing sites 52 64 (Internal Policy) proc_id="firewall" rc="101" msg_id="3000-0148" tcp_info="offset 8 S 2647386282 win 43690" Traffic

It's denied because of spoofing, which makes sense.
The only solution I found was to disable IP Spoofing.
Setup -> Default Packet Handling -> Drop Spoofing Attacks

But is there a better solution?


    You can use Dynamic NAT with the Set source IP to change the incoming public IP addr to a private IP addr on the SMTP Policy Advanced tab, which will address the issue.
    Choose a private IP addr which will route over the BOVPN - perhaps the trusted interface IP addr.

