I'm wondering if anyone has a similar setup and got it working. I'd like to have both SMTP services enabled on two ISPs for load-balancing and redundancy. I tried using PBF but couldn't get it working. It seems SMTP for ISP1 works fine but SMTP for ISP2 comes into the firewall but the application is incomplete. Which tells me the 3 way handshake is not completing. I took a pcap and didn't see any drops however. I followed the articles below as guidelines:
eth1/1.2 ISP1 18.104.22.168
eth 1/1.3 ISP2 22.214.171.124
Inside 10.1.1.1 - STMP server is 10.1.1.25
Security allows SMTP traffic to both ISPs
NATs for both ISPs (inbound and outbound on SMTP service)
Default route is 126.96.36.199
PBF to force symmetric return if interface comes in from from eth1/1.3
PBF forces browsing to 188.8.131.52
From what I can tell all the policies that I've defined are being hit and symmetric return is being acknowledged but the traffic is not going through. Traffic for ISP1 is identified as SMTP but for ISP2, it is incomplete.
I've got a TAC opened but also wanted to check with our awesome community!
do you have a single Virtual Router with attached both ISPs?
I suggest you to follow this article:
You need to follow this article without the VPN parts.
I have already done the same configuration you described and it works fine.
Let me know.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!