How to configure Zimbra behind an Hardware Firewall

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Navata
Posts: 4
Joined: Thu Dec 18, 2014 1:53 am

How to configure Zimbra behind an Hardware Firewall

Postby Navata » Thu Dec 18, 2014 1:58 am

Hello All,



I am using Zimbra for Email Server.


OS - CentOS 6.5


As of now I have given Public IP directly to Email Server and its working fine. I want to know how to configure the Email Server, behind an Hardware Firewall for extra layer of security.



If any one can help, it would be great. Any document with steps.



Thanks


Anupam




rgsweetnam
Posts: 10
Joined: Thu Dec 18, 2014 3:14 am

How to configure Zimbra behind an Hardware Firewall

Postby rgsweetnam » Thu Dec 18, 2014 3:49 am

You can assign your public IP address to your firewall and then configure NAT on the firewall to forward ports 25 and 443 to the internal IP address of your Zimbra server.



This should allow your ZCS to receive mail and allow clients to access the web client using HTTPS.
Navata
Posts: 4
Joined: Thu Dec 18, 2014 1:53 am

How to configure Zimbra behind an Hardware Firewall

Postby Navata » Thu Dec 18, 2014 3:54 am

I have assigned the Public IP to Firewall and from there I did natting for the Zimbra Server. But there was a huge amount of delay in sending and receiving the mail.



Do I need to change anything on the ZCS?



Thanks

Anupam
phoenix
Ambassador
Ambassador
Posts: 26331
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

How to configure Zimbra behind an Hardware Firewall

Postby phoenix » Thu Dec 18, 2014 3:55 am

You need valid DNS A & MX records behind the router, you need to read the wiki article on Split DNS.

Regards

Bill

Rspamd: A high performance spamassassin replacement

If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
rgsweetnam
Posts: 10
Joined: Thu Dec 18, 2014 3:14 am

How to configure Zimbra behind an Hardware Firewall

Postby rgsweetnam » Thu Dec 18, 2014 3:58 am

Hi Anupam,



You will have to change the IP address of your Zimbra server to one that is available in your internal network.
Navata
Posts: 4
Joined: Thu Dec 18, 2014 1:53 am

How to configure Zimbra behind an Hardware Firewall

Postby Navata » Thu Dec 18, 2014 4:05 am

Hi rgsweetnam,



Thank you for your support.



Below are the details of Network.



Public IP - 111.93.9.x

Local IP - 172.17.0.4 (Zimbra Server)

Firewall IP - 172.17.0.20



The Gateway and DNS on Zimbra Server are of the Firewall - 172.17.0.20



In firewall did an IP forwarding for Zimbra Server - 111.93.9.x - 172.17.0.4



Let me know what more has to be done?



Thanks

Anupam
rgsweetnam
Posts: 10
Joined: Thu Dec 18, 2014 3:14 am

How to configure Zimbra behind an Hardware Firewall

Postby rgsweetnam » Thu Dec 18, 2014 4:08 am

That looks okay. All you have to do is test it.



Send a mail to yourself from a gmail account or other external mail account.



Keep an eye on /var/log/zimbra.log to see if mail is arriving at the MTA.



Also make sure DNS works correctly on your Zimbra Server. for example ping google.com from the command line.



If you run into problems with DNS you should read the article that Phoenix linked to above.
Navata
Posts: 4
Joined: Thu Dec 18, 2014 1:53 am

How to configure Zimbra behind an Hardware Firewall

Postby Navata » Thu Dec 18, 2014 4:19 am

I have tried sending email from other account to Zimbra and vice versa.



I was able to send emails but there was a huge delay (Ex: Sent an email at 4.32pm and received at 6.36pm)



I will once again check and let you know the results.



If any thing else has to be done. Let me know.



Thanks

Anupam
phoenix
Ambassador
Ambassador
Posts: 26331
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

How to configure Zimbra behind an Hardware Firewall

Postby phoenix » Thu Dec 18, 2014 4:35 am

Do you actually have a DNS server behind your firewall and does it have valid DNS A & MX records for your Zimbra server? It needs those, take a look at the Split DNS article and run all the commands in the 'Verify...' section of that article to check your configuration. The answers to your question are in that article and all over the forums if you search for it.


Take a look at some of the threads in the old Zimbra forums or put the words 'split dns' in the search box at the top of this page.

Regards

Bill

Rspamd: A high performance spamassassin replacement

If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
drzoidberg
Posts: 5
Joined: Fri May 13, 2016 12:06 pm

Re: How to configure Zimbra behind an Hardware Firewall

Postby drzoidberg » Sat Feb 25, 2017 4:00 pm

Hello guys,

If you want to have more zimbra servers behind firewall, what reverse proxy server do you use?

Which way to split/forward these ports 25, 143, 465, 587, 993, 995 to more x zimbra servers. Proxy server in reverse mode does this thing, right?
I want to use 1 domain = 1 zimbra server. Behind only ONE public IP address.
Anybody has some experience with this?

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 23 guests