Thread: Help with our Exchange & TMG Setup - No External Mail! (Internet Related/Filtering/Firewall, in Technical)
  1. #16

    done the logging?

  2. #17
    pritchardavid
    I have enabled the logging as you have said; I don't know what to do after that, though.

    Also I have found this under the TMG logging

    e: Firewall service
    Status: A connection was abortively closed after one of the peers sent an RST packet.
    Rule: [System] Allow SMTP traffic to the local host for mail protection and filtering
    Source: Internal (213.199.154.203:50016)
    Destination: Local Host (10.146.65.31:25)
    Protocol: SMTP
    Additional information
    Number of bytes sent: 60 Number of bytes received: 40
    Processing time: 0ms Original Client IP: 213.199.154.203


    So it looks like the mail is getting to the TMG server, if I'm correct?

    It looks like the problem is the TMG server to the Exchange server.

    Are there meant to be any SMTP or SMTPS for a TMG rule?

  3. #18

    Can you telnet from TMG to Exch and send an email?
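
The test asked for in post #18, as an added PowerShell example (not from the thread or any of its posters): run on the TMG host, it speaks SMTP to the Exchange server and prints each reply, stopping after RCPT TO so no message is delivered. 10.146.65.20 is the Exchange address given later in the thread; the sender and recipient addresses are placeholders.

```powershell
# Added example: scripted version of the manual telnet test, TMG host -> Exchange.
# Sender and recipient are placeholders (assumptions); use real addresses.
param(
    [string]$Server   = '10.146.65.20',           # Exchange IP from the thread
    [int]   $Port     = 25,
    [string]$MailFrom = 'probe@example.org',      # placeholder
    [string]$RcptTo   = 'postmaster@example.org'  # placeholder
)

function Read-SmtpReply([System.IO.StreamReader]$Reader) {
    # An SMTP reply may span several lines: "250-..." continues, "250 ..." ends it.
    $lines = @()
    do {
        $line = $Reader.ReadLine()
        if ($null -eq $line) { throw 'Connection closed by peer before a reply arrived.' }
        $lines += $line
    } while ($line.Length -ge 4 -and $line[3] -eq '-')
    return $lines
}

$client = New-Object System.Net.Sockets.TcpClient
try {
    $client.Connect($Server, $Port)
    $stream = $client.GetStream()
    $stream.ReadTimeout = 10000   # milliseconds; a silent drop surfaces as a timeout
    $reader = New-Object System.IO.StreamReader($stream, [System.Text.Encoding]::ASCII)
    $writer = New-Object System.IO.StreamWriter($stream, [System.Text.Encoding]::ASCII)
    $writer.NewLine   = "`r`n"    # SMTP lines end in CRLF
    $writer.AutoFlush = $true

    Read-SmtpReply $reader | ForEach-Object { "S: $_" }   # expect the 220 banner
    foreach ($cmd in "EHLO $env:COMPUTERNAME", "MAIL FROM:<$MailFrom>", "RCPT TO:<$RcptTo>", 'QUIT') {
        "C: $cmd"
        $writer.WriteLine($cmd)
        Read-SmtpReply $reader | ForEach-Object { "S: $_" }
    }
}
catch {
    # Refused, reset or timed-out connections end up here with the reason.
    "FAILED: $($_.Exception.Message)"
}
finally {
    $client.Close()
}
```

A 220 banner followed by 250 replies shows the TMG-to-Exchange leg accepts mail, which leaves the TMG rules as the place to look; a refusal, reset or timeout points at the path between the two servers.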

  4. #19

    seems like the issue is with the smtp rules, can you go over them?
    or post them

  5. #20
    pritchardavid
    Ok, this is how I have set up SMTP rules at the moment

    1- Firewall Policy, New, Mail Server Publishing Rule

    2- Mail Server Publishing Rule Name (Exchange)

    3- Client Access: RPC, IMAP, POP3, SMTP

    4- Error now comes up saying 'Forefront TMG detected a single adaptor configuration. Server publishing rules are not supported in a single network adaptor configuration. Do you still want to create a server publishing rule?'

    5- yes button

    6- Ticking all boxes (Outlook RPC, POP3, IMAP4, SMTP, POP3 Secure, IMAP4 Secure, SMTP Secure) I have just tried to just use SMTP and SMTP Secure, and nothing else.

    7- Type in Server IP Address (10.146.65.20)

    8- Listen for request from these networks - Use internal with TMG IP Address (10.146.65.31)

    9- Finish

  6. #21

    SYNACK
    Quote: Originally posted by pritchardavid
    Ok, this is how I have set up SMTP rules at the moment

    1- Firewall Policy, New, Mail Server Publishing Rule

    2- Mail Server Publishing Rule Name (Exchange)

    3- Client Access: RPC, IMAP, POP3, SMTP

    4- Error now comes up saying 'Forefront TMG detected a single adaptor configuration. Server publishing rules are not supported in a single network adaptor configuration. Do you still want to create a server publishing rule?'

    5- yes button

    6- Ticking all boxes (Outlook RPC, POP3, IMAP4, SMTP, POP3 Secure, IMAP4 Secure, SMTP Secure) I have just tried to just use SMTP and SMTP Secure, and nothing else.

    7- Type in Server IP Address (10.146.65.20)

    8- Listen for request from these networks - Use internal with TMG IP Address (10.146.65.31)

    9- Finish
    Is it actually a single adapter setup? This will break things.

  7. #22
    pritchardavid
    The TMG server is a virtual server and it has two virtual network cards. So I'm not sure why it's saying that, or is it because I did set it up as a single network adapter topology when I set up TMG? I added the second virtual Ethernet card the other day when this message came up, thinking it would get rid of this error!

    So you think this is the problem then, mate? Does it need changing to a different topology? If so, how would you do that, a reinstall?

    Or would UAG provide this in a single network adaptor topology?

    I wouldn't know what other topology to pick if needed.

  8. #23

    SYNACK
    I'd go for a reinstall. TMG is a nightmare with its settings; once it gets something in its head it's stuck. You also want each adapter in a separate IP subnet so that it can distinguish what is going on.

  9. #24
    pritchardavid
    Thanks SYNACK

    Well, I have managed to change to edge firewall by rerunning the wizard, but still no external emails working.

    Might have to reinstall like you said, but can I check a few things with you please?


    Internal Card

    - Internal DNS Server IPs?
    - No Gateway?
    - Normal Subnet Mask 255.255.248/24? (IP Address Range Allocated from the council 10.146.64.1-10.146.71.250)
    - IP address 10.146.65.34

    External Card

    - Internal DNS Server IPs?
    - Normal Gateway Address? (Modem that the fibre is connected to before our main HP switch)
    - What subnet mask?
    - IP address which is already NATed for a public IP address (Internal is 10.146.65.31 for this)


    Also, how do I set up the SMTP rules?
    What network do I select for the listener? Internal or external or both?

    Also, with our two existing web listeners http/https, do they stay in the internal network or now the external network? I'm guessing it stays the same, just want to make sure.

  10. #25

    SYNACK
    To use it as a firewall it needs to be at the border between two networks; this means that its external interface would exist on the LEA IP range and the rest of the school would exist NATed behind it in a separate range. I have always found it odd the way that the LEA networks work, as they seem to be set up to punish good practice rather than reward it.

    The external adapter should be on the IP 10.146.65.31 with the subnet mask allocated and the default gateway set to the upstream device. Its DNS should point to the internal AD DNS servers.

    The internal adapter could use a different network like 172.16.x.x that holds all of your client PCs and servers, again DNS points at AD.

    The listeners should be on both internal and external.

  11. #26
    pritchardavid
    Damn, that's gonna be one nasty job, everything is set on 10.146.* range

    Is it worth a try using Exchange Edge with TMG?

  12. #27

    If you want the added benefits of an Edge.

  13. #28

    SYNACK
    If it's in a VM environment you may be able to use Untangle or something to NAT the traffic from the LEA IP to a 172 address, then into the external interface of the ISA. Convoluted, but it should trick it into working.


