USG5160 V100R005 nat server fault

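Published: 2013-06-01
Problem Description
The firewall is a USG5160 running V100R005. Ports 25 and 110 on the firewall's outbound interface address 200.200.200.200 are mapped to ports 25 and 110 on an internal mail server at 10.10.10.10. From the public network, mail can be received but not sent, whereas from the internal network mail can be both received and sent.
Key configuration: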
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone local untrust direction inbound
firewall packet-filter default permit interzone local untrust direction outbound
firewall packet-filter default permit interzone local dmz direction outbound
firewall packet-filter default permit interzone trust untrust direction outbound

nat server 1 protocol tcp global 200.200.200.200 25 inside 10.10.10.10 25
nat server 2 protocol tcp global 200.200.200.200 110 inside 10.10.10.10 110

policy interzone trust untrust inbound
 policy 0
  action permit
  policy service service-set tcp
  policy destination 10.10.10.10
Alarm Information
Handling Process
Modify the interzone packet-filtering policy as follows:

policy interzone trust untrust inbound
 policy 0
  action permit
  policy service service-set tcp
  policy service service-set udp
  policy destination 10.10.10.10
Root Cause
The interzone packet-filtering policy was misconfigured.
Suggestions and Summary
None.
