SNAT over BOVPN
Hi,
We currently have an Email Server (192.168.100.100) behind an FireboxV in the cloud.
We also have a static IP on our onsite location.
I would like to configure the onsite IP as a second mx.
Both Networks are connected via a BOVPN Vif.
I have created a SNAT onsite with
From: 13.37.1.1 (onsite IP)
To : 192.168.100.100 (email server behind BOVPN Vif)
Now when a mail comes the FireboxV gets this Log message :
2023-08-10 08:24:48 Deny 11.76.159.115 192.168.100.100 smtp/tcp 60188 25 BOVPN-1 Firebox ip spoofing sites 52 64 (Internal Policy) proc_id="firewall" rc="101" msg_id="3000-0148" tcp_info="offset 8 S 2647386282 win 43690" Traffic
Its denied because of Spoofing which makes sense.
The only Solution I found was to disable IP Spoofing.
Setup -> Default Packet Handling -> Drop Spoofing Attacks
But is there a better Solution ?
Comments
You can use Dynamic NAT with the Set source IP to change the incoming public IP addr to a private IP addr on the SMTP Policy Advanced tab, which will address the issue.
Choose a private IP addr which will route over the BOVPN - perhaps the trusted interface IP addr.