Original poster (11 Messages, 210 Points), Thu, Oct 14, 2021 11:24 PM

E-Mail Server Access Control

Hello,

I am running a vSZ and R550s. They are all up to date.

I have a WLAN that I am working on for Corporate Owned Mobile Devices, basically company phones that come and go. We want this to be isolated from the shared resources and basically only want these devices to be able to browse the internet and E-Mail.

This is where I am stuck... 

I have created a DHCP Pool using VLAN 122. I am using this in the WLAN configuration. I get an IP address and am able to connect and browse the internet no problem. I am using standard authentication with WPA2 and a password.

When I am connected, I receive notifications on my phone through the E-Mail app that I have received an E-Mail. I am not able to send or receive any emails in the app though; it never loads even though I get the notifications. If I try to go to the Web version using the web address, that does not work/load either, BUT if I use the IP of our email server I am able to get to the Web version no problem. I can also ping the IP, but not the name.

I am thinking it is something with DNS. I am using Google DNS Servers and was thinking that I should make a DNS Profile and use one Google and our Local DNS. To do that I would also need to make an L3 Access Control Policy to allow DNS. I am thinking the subnet of VLAN 122, turn off the source and destination ports, then turn off the destination subnet and just use the IP of our DNS server?

Does it sound like I am on the right track or is there a better solution?

Official Rep (1.3K Messages, 17.7K Points), 2 m ago

Hi,

Are you using the client isolation option under WLAN settings? If yes, please whitelist the desired DNS servers and see if that works.

Community member (477 Messages, 5.9K Points), 1 m ago

If you can't open a site by name, but can by IP, it definitely means that you have a DNS issue. As you can access the Internet, then generally DNS obviously works, but the problem is only with resolving the e-mail server's IP.

Is your e-mail server on a public or internal network? If it is an internal server with an internal IP, no public DNS will resolve it; only your internal DNS can know about this server.

The server must be on a public IP address, and must be registered in DNS, to be available by name. If you want to access the e-mail server through an internal address, you must use your local DNS, which includes a record for the server with the local IP under its name.

Usually e-mail servers are located in a DMZ and have an external address forwarded to the server's internal address, and usually you should use the FQDN server name for access, so when in the internal network it's resolved to the internal IP, and when you are outside it's resolved to the external IP, and you are OK in both cases.

Original poster (11 Messages, 210 Points), 1 m ago

The issue was with DNS. I had created a DNS Profile thinking that was it, but still had the same issue after making it. I totally forgot about the DNS setting in the DHCP Pool configuration. After I made the change there (added my local DNS Server) it was good.

Official Rep (1.3K Messages, 17.7K Points)

@ashour_shamoon glad to know that the issue has been fixed!

Regards,

Syamantak Omer

Official Rep | Staff TSE | CWNA | CCNA | RASZA | RICXI
