Juniper SSG20 IP settings for email server
- by codemonkie
We have 5 usable external static IP addresses leased by our ISP: .49 to .53, where
.49 is assigned to the Juniper SSG20 firewall and NATed for 172.16.10.0/24
.50 is assigned to a windows box for web server and domain controller
.51 is assigned to another windows box with exchange server (domain:
mycompany1.com) mx record is pointing to 20x.xx.xxx.51
Currently there is a policy set for all SMTP incoming traffic addressed to .51 forward to the NATed address of the exchange server box (private IP: 172.16.10.194).
We can send and receive emails for both internal and external, but the gmail is saying mails from mycomany1.com is not sent from the same IP as the mx lookup however is from 20x.xx.xxx.49:
Received-SPF: neutral (google.com: 20x.xx.xxx.49 is neither permitted nor denied by
best guess record for domain of [email protected]) client-ip=20x.xx.xxx.49;
Authentication-Results: mx.google.com; spf=neutral (google.com: 20x.xx.xxx.49 is
neither permitted nor denied by best guess record for domain of
[email protected]) [email protected]
and the mx record in global dns space as well as in the domain controller .50 for mail.mycompany1.com is set to 20x.xx.xxx.51
My attempt to resolve the above issue is to
Update the mx record from 20x.xx.xxx.51 to 20x.xx.xxx.49
Create a new VIP for SMTP traffic addressed to 20x.xx.xxx.49 to forward to 172.16.10.194
After my changes incoming email stopped working, I believe it has something to do with the Juniper setting that SMTP addressed to .49 is not forwarded to 172.16.10.194
Also, I have been wondering is it mandatory to assign an external static IP address to the Juniper firewall?
Any helps appreciated.
TIA
