Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

inetrnal mail failing to flow when we setup the gateway enforcer

Created: 20 Nov 2011 | 3 comments
awmhove's picture

he guys

i setup a symantec gateway enforcer between the router and the switch that links the servers. the router links to other subnets. When i enforce the gateway enforcer the internal e-mail does not flow. what could be the problem, can you assist?

Comments 3 CommentsJump to latest comment

Chuck Edson's picture

Without knowing exactly what your plan is, I will have to take a stab in the dark here . . . .

It appears to me that the placement of your gateway Enforcer may be incorrect.  Usually, the GW Enforcer is used at the edge of a network -- the ingress point -- to check clients as they come into the network.

You appear to have placed the GW Enforcer between Servers and Client machines . . . please correct me if I am wrong.  This setup will block all traffic flowing through the Enforcer from the external side unless each machine on the external side of the Enforcer has a SEP client and passes all the host integrity checks.

A GW Enforcer challenges the client machines on UDP 39999, so if the Windows (or any other) firewall is active on any machines on the external side of the Enforcer, and UDP 39999 is not allowed, then all the clients will be blocked.  If this port is blocked, the logs in the SEPM will point to "No client installed" because the clients did not respond to the challenge packet.

You could also exclude all SMTP traffic from being checked, but that may be overkill.

If a post helps you, please mark it as the solution to your issue.

awmhove's picture

i placed the GW Enforcer between the clients and the servers so as to ensure anybody with access to the servers  is compliant with our policies. every client machine should have a managed SEP client. now i dont understand why only the mail traffic is affected.

Chuck Edson's picture

The Enforcer is designed to allow all traffic to flow from the Internal interface to the external interface untouched.  Nothing should be blocked when going "outbound" (in your case from the Servers to the Clients).

Are you seeing the Enforcer block "outbound" SMTP traffic (like email being sent by Exchange to another SMTP server in your organization), or are you having issues connecting Outlook to Exchange?

If a post helps you, please mark it as the solution to your issue.