Enabling Antivirus on UTM-1 rejects SMTP traffic on implied rule



fhoekie
2009-03-07, 18:06
Hi All,

I have problems doing Antivirus scanning on SMTP traffic with R65 Messaging Security. The antivirus works on HTTP, so that's no problem.
The antispam options (all but antivirus) also work.
CP seems to be in the dark...

Who can help me?

Greetz F.

Number: 7430
Date: 7Mar2009
Time: 22:57:19
Product: VPN-1 Power/UTM
Interface: SMTP transparent proxy
Origin: splat
Type: Log
Action: Reject
Protocol: tcp
Service: smtp (25)
Source: X.X.X.X (X.X.X.X)
Destination: 192.168.222.16 (192.168.222.16)
Rule: 0 - Implied Rules
Source Port: 2638
Control: Security Server
Email Session ID: {49B2EDBF-0-A01A8C0-7B6}
File Direction: External to DMZ
Recipients Number: 0
Source Country: NLD
Policy Info: Policy Name: Standard
Created at: Sat Mar 07 22:56:07 2009
Installed from: splat

Thorpuse
2009-03-07, 20:47
Known issue - it's a *licensing* bug. AV Scanning for mail is actually handled by the Messaging Security License, NOT the AV license. I know, very logical... Log a call with the TAC, they should be able to fix this.

For those who think SW blades are a good thing, these are the sort of bugs to get ready for...

fhoekie
2009-03-08, 07:37
That would be weird .. it's a UTM-1 appliance with a Total Security license. More licensing than you can imagine.
But as you say bug... but I have been on the phone with 3 people from the TAC already!!!... So I have a ticket.

And I see the same behaviour in a LAB I have set up with an eval (all options) license.

Thanks for the input.

F.

fhoekie
2009-03-08, 09:03
K Guys I have found the problem.

In this specific situation we use Manual NAT (because of DUAL ISP).

The access rule in the dashboard was like this:
ANY - External IP Mailservers - SMTP
This caused the Antivirus stuff to drop the traffic on an implied rule.

Now I have 2 rules:
ANY - External IP Mailservers - SMTP
ANY - Internal IP Mailservers - SMTP

And it works... sorry guys (CP) you need to work on your logging.

F.

fhoekie
2011-01-22, 16:35
Well, there is an sk article for it now: sk32198 - After enabling Anti-Virus for a protocol - connections to server configured behind static NAT rejected

But wouldn't it be smarter to put it in the release notes or just make it work out of the box?

Fhoekie