USG20W don't pass smtp from sharp copier

PiRX2000

Hi, my customer has USG20W and new Sharp MX-5070. Copier should sent counters to service firm by smtp, but USG (firmware 3.30(BDR.9)C0) cuts out all transmission from the copier. Packets reach the LAN interface and do not appear on the WAN interface despite the correct rule passing the SMTP traffic or even when I turn off the firewall and IDP. SMTP from Outlook and Thunderbird works fine.
Any ideas?

Zyxel_Cooldia

Hi @PiRx2000,
Can you capture packets on USG LAN/WAN interface and send me the packets trace via private message.

PiRX2000

192.168.1.90 Sharp MX5070, 85.128.245.88 mail server

Zyxel_Cooldia

Hi @PiRX2000,
From the packets trace, The Sharp MX-5070 send the message by ESMTP protocol(TCP 587).
Does this device have security policy to allow TCP 587 port?

PiRX2000

Security policy allow tcp587 nothing change. From local support, I received FW 330BDR9ITS-WK48-r74988 - it did not improve anything. For a moment I changed USG20W to my USG40W (with fw 4.25/4.31) and everything started working great. Ubiquiti USG works fine too.
I suppose the problem is the old firmware for USG20W, which has not been updated for two years. Can I expect that Zyxel will update the firmware soon?

Zyxel_Cooldia

Hi @PiRx2000,
Because it enable IP-MAC binding on bridge interface. when the SharpMX packets coming up to USG and it does not match the IP-MAC binding table, then it drop on Bridge interface(Lan)

That’s why, even you disable the firewall rule, the packets is still unable to send out. Please add SharpMX to IP to "Exempt  List" and try it again.

PiRX2000

It solved the problem. TNX Zyxel_Cooldia