How to configure Zimbra behind a Hardware Firewall

Posted: Thu Dec 18, 2014 1:58 am
by Navata

Hello All,

I am using Zimbra for Email Server.

OS - CentOS 6.5

As of now I have given Public IP directly to Email Server and it's working fine. I want to know how to configure the Email Server behind a Hardware Firewall for an extra layer of security.

If anyone can help, it would be great. Any document with steps.

Thanks

Anupam




Posted: Thu Dec 18, 2014 3:49 am
by rgsweetnam
You can assign your public IP address to your firewall and then configure NAT on the firewall to forward ports 25 and 443 to the internal IP address of your Zimbra server.

This should allow your ZCS to receive mail and allow clients to access the web client using HTTPS.


Posted: Thu Dec 18, 2014 3:54 am
by Navata
I have assigned the Public IP to Firewall and from there I did natting for the Zimbra Server. But there was a huge amount of delay in sending and receiving the mail.

Do I need to change anything on the ZCS?

Thanks

Anupam


Posted: Thu Dec 18, 2014 3:55 am
by phoenix

You need valid DNS A & MX records behind the router; you need to read the wiki article on Split DNS.



Posted: Thu Dec 18, 2014 3:58 am
by rgsweetnam
Hi Anupam,

You will have to change the IP address of your Zimbra server to one that is available in your internal network.


Posted: Thu Dec 18, 2014 4:05 am
by Navata
Hi rgsweetnam,

Thank you for your support.

Below are the details of the network.

Public IP - 111.93.9.x

Local IP - 172.17.0.4 (Zimbra Server)

Firewall IP - 172.17.0.20

The Gateway and DNS on Zimbra Server are of the Firewall - 172.17.0.20

In the firewall I did IP forwarding for the Zimbra Server - 111.93.9.x - 172.17.0.4

Let me know what more has to be done.

Thanks

Anupam


Posted: Thu Dec 18, 2014 4:08 am
by rgsweetnam
That looks okay. All you have to do is test it.

Send a mail to yourself from a Gmail account or other external mail account.

Keep an eye on /var/log/zimbra.log to see if mail is arriving at the MTA.

Also make sure DNS works correctly on your Zimbra Server. For example, ping google.com from the command line.

If you run into problems with DNS you should read the article that Phoenix linked to above.


Posted: Thu Dec 18, 2014 4:19 am
by Navata
I have tried sending email from another account to Zimbra and vice versa.

I was able to send emails but there was a huge delay (Ex: Sent an email at 4.32pm and received at 6.36pm).

I will once again check and let you know the results.

If anything else has to be done, let me know.

Thanks

Anupam


Posted: Thu Dec 18, 2014 4:35 am
by phoenix

Do you actually have a DNS server behind your firewall and does it have valid DNS A & MX records for your Zimbra server? It needs those; take a look at the Split DNS article and run all the commands in the 'Verify...' section of that article to check your configuration. The answers to your question are in that article and all over the forums if you search for it.

Take a look at some of the threads in the old Zimbra forums or put the words 'split dns' in the search box at the top of this page.
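
The check the posts above ask for, as an added example that is not part of the thread or the Zimbra wiki: run on the Zimbra host, it confirms that the resolver the server uses returns an MX record for the mail domain and that the MX host's A record is the server's internal address. `example.com` is a placeholder domain, `172.17.0.4` is the internal address given earlier in the thread, and `dig` (package bind-utils on CentOS) is assumed to be installed.

```shell
#!/bin/sh
# Added example: check split DNS from the Zimbra host's point of view.
# Usage: sh check_split_dns.sh example.com 172.17.0.4
#   example.com = placeholder mail domain, 172.17.0.4 = internal server IP

# lookup NAME TYPE: print the answers from the resolver in /etc/resolv.conf.
# Kept as a function so it can be swapped for canned data when testing.
lookup() {
    dig +short "$1" "$2"
}

# check_split_dns DOMAIN INTERNAL_IP
# returns 0: every MX host of DOMAIN resolves only to INTERNAL_IP
#         1: the MX record or the MX host's A record is missing
#         2: an MX host resolves to some other address (e.g. the public IP)
check_split_dns() {
    domain=$1
    want=$2
    rc=0
    # "dig +short DOMAIN MX" prints "<preference> <host>." per line
    mx_hosts=$(lookup "$domain" MX | awk '{print $2}' | sed 's/\.$//')
    if [ -z "$mx_hosts" ]; then
        echo "FAIL: no MX record for $domain" >&2
        return 1
    fi
    for host in $mx_hosts; do
        # keep only IPv4 answers; +short also prints CNAME targets
        addrs=$(lookup "$host" A | awk '/^[0-9.]+$/')
        if [ -z "$addrs" ]; then
            echo "FAIL: $host has no A record" >&2
            return 1
        fi
        for addr in $addrs; do
            if [ "$addr" != "$want" ]; then
                echo "FAIL: $host -> $addr, expected $want" >&2
                rc=2
            fi
        done
    done
    if [ "$rc" -eq 0 ]; then
        echo "OK: MX for $domain resolves to $want"
    fi
    return "$rc"
}

if [ "$#" -eq 2 ]; then
    check_split_dns "$1" "$2"
fi
```

A return code of 2 means the server is being handed an address other than its internal one for its own mail domain, which is the situation the Split DNS setup is meant to correct.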



Posted: Sat Feb 25, 2017 4:00 pm
by drzoidberg
Hello guys,

If you want to have more Zimbra servers behind a firewall, what reverse proxy server do you use?

Which way to split/forward these ports 25, 143, 465, 587, 993, 995 to x more Zimbra servers? A proxy server in reverse mode does this thing, right?
I want to use 1 domain = 1 Zimbra server. Behind only ONE public IP address.
Does anybody have some experience with this?