Issue with USG60W and server
Hi all,
I've configured a server with a public IP address and a USG60W firewall in transparent bridge mode.
I've set the same public IP and gateway of the server on the bridge interface and set lan1 on the 192.168.6.1 subnet. Everything worked great: I was able to send and receive mail from the outside and I was able to connect from outside to the server via the public IP. Suddenly, without any kind of change, the server was no longer reachable; instead of the server, via the public IP I reach the Zyxel login panel, and I was no longer able to send and receive emails.
Could someone give me some advice?
Thank you
Hi @Alecz87,
Did you enable Session control or ADP? (Configuration > Security policy > ADP|Session control)
You can also check the log at Monitor > Log. Is there any event log about the mail server IP?
Don't miss this great chance to upgrade your Nebula org. for free!
Hi @Zyxel_Cooldia, I've checked and ADP is disabled, while session control is empty. Maybe I have to set a rule to give unlimited sessions to any host?
Hi @Alecz87,
I thought that the mail server was blocked by USG ADP or session control, but it seems not.
When the server was inaccessible, can you ping the mail server from the USG diagnostic tool (Maintenance > Diagnostics > Network Tool)?
Hi @Zyxel_Cooldia, I need to try it, I think on Saturday morning, when I can do some tests without interfering with the work of the users.
I cannot understand how it is possible that everything works and from one moment to the next it doesn't. I also tried to put the server on lan1 and set the public IP on wan1, but both the email client and the web panel of our mail server do not recognize the authentications.
Hi @Alecz87,
If you move the mail server to the LAN side, you have to set port mapping on the USG for the mail service ports,
e.g. SMTP (TCP 25), POP3 (TCP 110), and the web mail port for Internet user access.
From your issue description, it looks like the mail server service failed.
The USG only forwards the traffic from WAN to LAN; it would not intervene in client-to-server authentication.
Port mapping configuration guide.
https://businessforum.zyxel.com/discussion/1171/how-to-allow-public-access-to-a-server-behind-zywall-usg#latest
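
A quick way to see, from outside the firewall, which service actually answers on the public IP, as an added example that is not part of the thread. Ports 25 and 110 are the ones named above; port 80 for the web panel, the default host and the function names are assumptions.

```python
import socket
import sys

# Ports 25 and 110 come from the thread; 80 for the web panel is an assumption.
EXPECTED = {25: "smtp", 110: "pop3", 80: "http"}

def classify_service(host, port, timeout=3.0):
    """Return (kind, first_line) for whatever answers on host:port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "unreachable", str(exc)
    with sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(256)  # SMTP and POP3 servers send a greeting first
        except OSError:
            data = b""
        if not data:
            # Silent so far: probe as HTTP, which a web login page answers.
            try:
                sock.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
                data = sock.recv(256)
            except OSError:
                data = b""
    line = data.split(b"\r\n", 1)[0].decode("latin-1").strip()
    if line.startswith("220"):
        return "smtp", line
    if line.startswith("+OK"):
        return "pop3", line
    if line.startswith("HTTP/"):
        return "http", line
    return "unknown", line

def check_host(host, timeout=3.0):
    """Classify each expected port and flag the ones answered by something else."""
    report = {}
    for port, expected in EXPECTED.items():
        kind, line = classify_service(host, port, timeout)
        report[port] = (expected, kind, line, kind != expected)
    return report

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, (expected, kind, line, mismatch) in check_host(target).items():
        flag = "  <-- mismatch" if mismatch else ""
        print(f"{port:>4} expected {expected}, got {kind} {line!r}{flag}")
```

Run it from a host outside the firewall with the public IP as the argument; mail ports reported as `unreachable` while port 80 answers `http` matches the symptom described in the first post.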
Hi @Zyxel_Cooldia, I have this entry in the log monitor every time I try to connect to the mail server: "match default rule DROP destination 255.255.255.255:67 access block". I tried to add a new policy which allows port 67, but it never changes.
Hi @Alecz87,
The broadcast to port 67 occurs when a device requests a DHCP address from the DHCP server; this is not an issue for mail server connectivity.
Do you have a simple diagram showing where the systems are located and what's working and not working?
Regards,
Christian
Hi @ChristianG,
For the moment I have solved it by applying a transparent bridge, but I noticed that if I log out from the Zyxel panel, after some minutes the public IP connects to the Zyxel login panel instead of the server, while if I leave an account logged in with infinite session time this does not happen. Is that possible?
Regards
Hi @Alecz87,
Did you bind the server IP to the USG interface? What I mean is, is the USG IP the same as the mail server IP?
As ChristianG mentioned, can you post your network topology and send me your configuration via private message?
It would be helpful to figure out what could have gone wrong.