Configure a port forwarding rule
You can create a port forwarding rule to forward incoming SMTP and SMTPS traffic to mail servers based on the ports.
Network diagram
This example shows how to forward SMTP and SMTPS traffic, which use ports 25 and 587, to the mail servers in the DMZ.
The IP address details are as follows:
- Mail servers' public IP address: 203.0.113.1 (MailServers_PublicIP)
- Mail servers' internal IP addresses: 10.145.15.41 and 10.145.15.42 (MailServers_IPRange)
You must configure the following rules and settings:
- Destination NAT (DNAT) rule: Translates traffic from external sources to the internal mail servers.
- (Optional) Loopback NAT rule: Translates traffic from internal sources to the internal mail servers.
- Reflexive NAT rule: Translates outgoing traffic from the servers.
- Firewall rules: Allow incoming and outgoing mail server traffic.
Configure NAT rule with port forwarding
To forward SMTP and SMTPS traffic to the mail servers, do as follows:
- Go to Rules and policies > NAT rules and select IPv4.
- Click Add NAT rule and click New NAT rule.
- Specify the rule name and rule position.
- Set Original destination to MailServers_PublicIP.
- Set Translated destination to the IP host MailServers_IPRange.
  In this example, the IP host is configured with the mail servers' IP range shown in the network diagram.
- Set Original services to SMTP(s).
  The default destination ports for the service are 25 and 587 on the firewall.
- Set Translated services to Original.
- (Optional) Select Create loopback rule to translate traffic from internal users to the internal mail servers.
- Select Create reflexive rule to create a source NAT rule that translates outgoing traffic from the mail servers.
- Set Load balancing method to Round-robin.
- Click Save.
Configure firewall rule for incoming traffic
Configure a firewall rule to allow incoming traffic from internal and external sources to the mail servers.
- Go to Rules and policies > Firewall rules and select IPv4.
- Click Add firewall rule and click New firewall rule.
- Set Source zones to LAN and WAN.
  The settings allow traffic from internal and external sources.
- Set Destination zones to DMZ.
  In this example, the mail servers are in the DMZ.
- Set Source networks and devices to Any.
- Set Destination networks to MailServers_PublicIP.
- Set Services to SMTP(s).
- Click Save.
Configure firewall rule for outgoing traffic
Configure a firewall rule to allow outgoing traffic from the mail servers to internal and external sources.
- Go to Rules and policies > Firewall rules and click IPv4.
- Click Add firewall rule and click New firewall rule.
- Specify the rule name and rule position.
- Set Source zones to DMZ.
- Set Destination zones to LAN and WAN.
- Set Source networks and devices to MailServers_IPRange.
- Set Destination networks to Any.
- Set Services to SMTP(s).
- Click Save.
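One way to confirm the finished configuration, as an added example that is not part of the original page: the script connects to the forwarded ports on MailServers_PublicIP, checks for an SMTP 220 greeting, and records which server names answer across repeated connections. It assumes each mail server announces its own hostname in its greeting, which is what makes the round-robin distribution visible; the function names are hypothetical.

```python
import contextlib
import socket

# Values from this page's example; replace them with your own addresses.
PUBLIC_IP = "203.0.113.1"        # MailServers_PublicIP
FORWARDED_PORTS = (25, 587)      # ports of the SMTP(s) service


def smtp_greeting(host, port, timeout=5.0):
    """Return (reply_code, announced_name) from the greeting, or None if unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            data = b""
            # Read only the first greeting line; cap the read at 1 KiB.
            while b"\n" not in data and len(data) < 1024:
                chunk = sock.recv(512)
                if not chunk:
                    break
                data += chunk
            with contextlib.suppress(OSError):
                sock.sendall(b"QUIT\r\n")  # end the session cleanly
    except OSError:  # refused, filtered (timeout) or reset
        return None
    lines = data.decode("ascii", "replace").splitlines()
    if not lines or len(lines[0]) < 3:
        return None
    words = lines[0][4:].split()
    return lines[0][:3], (words[0] if words else "")


def verify_forwarding(host, ports, attempts=4, timeout=5.0):
    """Per port: did every attempt get a 220 greeting, and which names answered."""
    report = {}
    for port in ports:
        results = [smtp_greeting(host, port, timeout) for _ in range(attempts)]
        ok = [r for r in results if r and r[0] == "220"]
        report[port] = {
            "reachable": len(ok) == attempts,
            # Assumption: each backend greets with its own hostname.
            "backends": sorted({name for _, name in ok}),
        }
    return report


if __name__ == "__main__":
    for port, result in verify_forwarding(PUBLIC_IP, FORWARDED_PORTS).items():
        print(port, result)
```

Run it from a host outside the firewall to test the WAN path, and from a LAN host to exercise the optional loopback rule.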