
SMG V10 - Second NIC added, no more email flow

Created: 19 Feb 2013 | 10 comments

Hello together,

Our freshly installed SMG 10 is running fine, but now I have a question regarding a second IP address.

Configuration:

DMZ, single IP for inbound / outbound

For quarantine access I need a second NIC. I configured a second NIC (different network) and realized that no more emails were incoming and outgoing from this time on.

I have directly switched back to the config with 1 NIC to minimize the breakdown.

Is it possible that the SMG tried to route the emails over the second NIC although SMTP incoming and outgoing is configured for NIC1?

What I want to achieve is that the email flow still uses NIC1; NIC2 is only for the Quarantine access needed by internal clients.

How can I achieve this?

Thanks for your help!


HanSchneider's picture

Hi,

Please tell us exactly what you did.

First of all, one IP address for inbound and outbound should only be used in test labs. It would even be better to assign a second virtual IP address.

What you are trying should be possible!

You must add the second NIC.

Then go to the Web interface of the SMG.

Administration - Configuration -> click on the host in the right panel

Then go to the Ethernet page and fill in the second IP address. Attention: don't change the GW.

Do not change anything on the SMTP Setting.

Then go to Spam - Quarantine Settings -> Spam Quarantine login URL: and fill in the DNS name or the new IP address in that URL.

bschulz's picture

Hello,

Thanks for your answer!

I just added a new NIC for the virtual machine and rebooted.

Then I activated the second NIC in Configuration -> Ethernet and assigned the IP address.

First NIC is the DMZ IP address, second NIC = internal address, same subnet as Exchange server.

Then I confirmed the settings, and after that no emails were received or sent out.

The settings for quarantine are all OK and working. The only problem is that emails are not sent or received if I activate the second NIC; inbound / outbound settings are still enabled for NIC 1!

A little bit strange, do you have any idea?

HanSchneider's picture

Hi,

Yes, that is strange.

We have added a second NIC and assigned an IP address for the Management LAN, and everything is still working fine.

Please reproduce that and have a look at the logs and queues to see why the mails are not being sent.

Sorry, but I don't really know where there should be a problem.

bschulz's picture

I have checked the logs from the time I added the second NIC. I couldn't find anything that shows a problem regarding the NIC or SMTP problems.

Very strange. I think it's a small & easy thing... hmm. Maybe a setting on our firewall?!

HanSchneider's picture

But how should that be a setting on your firewall? You have an existing configuration of the mail flow that is working. So the DNS server is right, hops are right, SMTP settings are OK. Now you just add another network that has nothing to do with the mail flow.

Are you sure that there was no change on the SMTP Settings when you added the NIC?

bschulz's picture

You are right, normally it doesn't matter what is configured there when our mail flow is ok.

This was just a point I will check so that I can be sure that all is OK.

I tried to configure a second NIC twice, and every time I checked all the SMTP settings and also rebooted and checked again, and every SMTP setting was still configured for NIC1, the DMZ network. No change!

What is strange is that I configured the second NIC and then the Control Center was only reachable at NIC 2 with the internal IP.

At the weekend I will try again and give you a status on what happened.

Cricket17's picture

Did you configure / associate the interfaces with the flows? On the Scanner, look at SMTP Delivery Bindings.

bschulz's picture

Hi Cricket,

As already described, I have changed nothing, and all SMTP settings, Delivery Bindings included, are still configured for NIC1.

I planned to try again on the weekend, but was ill and not able to do anything.

bschulz's picture

Hello together,

Last night I started a new try and got it running. But I had to change the SMTP Bindings, because after adding the second NIC I had the same state as last time.

I changed the Outbound SMTP setting to the second NIC and changed the SMTP Delivery Bindings so that only non-local messages use the Inbound NIC (DMZ network).

Now it's running, but I struggled with another thing:

Is it possible that all requests, also those to the internal IP (NIC2), will be answered from the default NIC, in my case the DMZ network?

I had to set several static routes, otherwise it was not working.
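
Added example, not part of the original thread and not SMG's own code: a sketch of plain destination-based (longest-prefix) route selection, which is one way to see why replies to internal clients can leave through the default NIC until static routes are added. All addresses, interface names and the 10.0.0.0/8 static route are constructed assumptions, as is the premise that the appliance selects routes this way.

```python
import ipaddress

# Constructed routing tables: (destination network, egress NIC, next hop).
# nic1 = DMZ NIC holding the default gateway, nic2 = internal NIC.
BASE = [
    ("192.0.2.0/24", "nic1", None),         # connected: DMZ
    ("10.1.0.0/24",  "nic2", None),         # connected: internal (Exchange subnet)
    ("0.0.0.0/0",    "nic1", "192.0.2.1"),  # default gateway, unchanged on nic1
]
# Same table plus a hypothetical static route for the other internal subnets.
STATIC = BASE + [("10.0.0.0/8", "nic2", "10.1.0.1")]


def egress(routes, dst):
    """Pick the route for dst by longest-prefix match; return (nic, next_hop)."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    if not matches:
        return None
    best = max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
    return best[1], best[2]


def asymmetric(routes, client, arrived_on):
    """True if the reply to client leaves on a different NIC than the request
    arrived on. Stateful firewalls commonly drop such one-sided flows."""
    hit = egress(routes, client)
    return hit is None or hit[0] != arrived_on


if __name__ == "__main__":
    # Constructed clients: one on the NIC2 subnet, one on a routed internal subnet.
    for name, table in (("default gateway only", BASE), ("with static route", STATIC)):
        for client in ("10.1.0.25", "10.2.5.9"):
            print(name, client, egress(table, client),
                  "asymmetric" if asymmetric(table, client, "nic2") else "symmetric")
```

With only the default gateway, a client on the directly connected internal subnet is answered over nic2, while a client on any other internal subnet is answered over nic1 into the DMZ; the broader static route sends those replies back out nic2.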