FTGate as a DMZ server

Many organizations use a firewall configured with a DMZ to act as a connection point between the LAN and the Internet. The DMZ allows services that must accept connections from the Internet to be separated from the LAN portion of the network, thus preventing direct access from the Internet to LAN machines.

The use of the DMZ does raise the issue of how traffic will pass from the Internet to the LAN.

Using FTGate as a DMZ relay

FTGate can be placed in the DMZ and used to relay incoming mail from the Internet to a mail server (FTGate or otherwise) in the LAN. In this configuration the SMTP filters (PTR, SPF, RBL, HELO/EHLO) and Anti-Virus can be used to verify the source of the messages before they are passed to the LAN server. When used in this way there is no requirement for a direct connection between the Internet and the LAN mail server.

To configure FTGate as a DMZ relay

  1. Install FTGate on a machine in the DMZ

  2. Configure external mail systems to send to the FTGate machine (either from your ISP or via your MX DNS records)

  3. Create a new Remote Domain in the name of your domain (Creating Domains)

  4. Configure the new Domain to send to the LAN based server (Remote Domains)

  5. Configure the LAN based server to send its outbound mail to FTGate

  6. Configure the IP Security for the SMTP server to automatically authenticate the LAN server (Relay Control and Authentication)
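The relay-control decision that steps 3 to 6 produce, written out as an added illustration (this is not FTGate's own code). The domain, LAN server address and LAN subnet are hypothetical values standing in for the Remote Domain and IP Security settings.

```python
"""Relay-control logic of a DMZ mail relay, as configured in the steps above.
Constructed illustration; the addresses and domain are placeholders."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Tuple

# Hypothetical configuration:
#  - Remote Domain (steps 3-4): inbound mail for this domain is routed
#    to the LAN mail server instead of being delivered locally.
#  - IP Security (step 6): hosts in this subnet are authenticated
#    automatically, so the LAN server may relay outbound mail (step 5).
REMOTE_DOMAINS = {"example.com": "192.168.1.10"}   # domain -> LAN server
AUTO_AUTH_NETS = [ip_network("192.168.1.0/24")]


@dataclass
class Session:
    client_ip: str   # connecting host, as seen by the DMZ relay
    helo: str        # name given in HELO/EHLO
    mail_from: str
    rcpt_to: str


def relay_decision(s: Session) -> Tuple[str, str]:
    """Decide what the relay does with one RCPT TO.
    'forward' -> inbound mail for a hosted domain, sent on to the LAN server
    'relay'   -> outbound mail from an automatically authenticated LAN host
    'reject'  -> everything else, so the DMZ box is not an open relay
    """
    rcpt_domain = s.rcpt_to.rsplit("@", 1)[-1].lower()
    src = ip_address(s.client_ip)
    trusted = any(src in net for net in AUTO_AUTH_NETS)
    # Constructed minimal HELO/EHLO sanity check for untrusted sources:
    # an Internet sender is expected to give a fully qualified host name.
    if not trusted and "." not in s.helo:
        return "reject", "HELO/EHLO is not a fully qualified host name"
    if rcpt_domain in REMOTE_DOMAINS:
        return "forward", REMOTE_DOMAINS[rcpt_domain]
    if trusted:
        return "relay", rcpt_domain
    return "reject", "relaying denied for untrusted source"
```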


Diagram: image1.gif