USG20W don't pass smtp from sharp copier

PiRX2000
PiRX2000 Posts: 7  Freshman Member
First Comment
edited April 2021 in Security
Hi, my customer has USG20W and new Sharp MX-5070. Copier should sent counters to service firm by smtp, but USG (firmware 3.30(BDR.9)C0) cuts out all transmission from the copier. Packets reach the LAN interface and do not appear on the WAN interface despite the correct rule passing the SMTP traffic or even when I turn off the firewall and IDP. SMTP from Outlook and Thunderbird works fine.
Any ideas?

Comments

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,450  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hi @PiRx2000,
    Can you capture packets on USG LAN/WAN interface and send me the packets trace via private message.


  • PiRX2000
    PiRX2000 Posts: 7  Freshman Member
    First Comment
    192.168.1.90 Sharp MX5070, 85.128.245.88 mail server
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,450  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hi @PiRX2000,
    From the packets trace, The Sharp MX-5070 send the message by ESMTP protocol(TCP 587).
    Does this device have security policy to allow TCP 587 port?
  • PiRX2000
    PiRX2000 Posts: 7  Freshman Member
    First Comment
    Security policy allow tcp587 nothing change. From local support, I received FW 330BDR9ITS-WK48-r74988 - it did not improve anything. For a moment I changed USG20W to my USG40W (with fw 4.25/4.31) and everything started working great. Ubiquiti USG works fine too.
    I suppose the problem is the old firmware for USG20W, which has not been updated for two years. Can I expect that Zyxel will update the firmware soon?




  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,450  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hi @PiRx2000,
    Because it enable IP-MAC binding on bridge interface. when the SharpMX packets coming up to USG and it does not match the IP-MAC binding table, then it drop on Bridge interface(Lan)
    That’s why, even you disable the firewall rule, the packets is still unable to send out. Please add SharpMX to IP to "Exempt  List" and try it again.


  • PiRX2000
    PiRX2000 Posts: 7  Freshman Member
    First Comment
    It solved the problem. TNX Zyxel_Cooldia :) 

Security Highlight