Prevent Loop-back Problems
A loop-back situation can occur when CA Gateway Security resolves an IP address through MX lookup. It happens when network address translation (NAT) points back to the same CA Gateway Security computer, or when the MX lookup produces an address that points back to the same or another CA Gateway Security for SMTP computer.
Here are some possible scenarios:
- CA Gateway Security is installed at IP address 10.0.0.2 and SomeDomain.com has only one MX record. This record, Mail.SomeDomain.com, has an A record that points to 1.2.3.4. The firewall translates 1.2.3.4 back to 10.0.0.2, which is the CA Gateway Security computer address.
- CA Gateway Security is installed at IP address 10.0.0.0 and is listening on port 25. It tries to deliver a message, but the mail server rejects the message. This can happen for two reasons: the CA Gateway Security running on 10.0.0.0 performs an MX lookup that produces an IP address of 10.0.0.0, or the lookup produces the address of a remote CA Gateway Security SMTP computer (10.0.0.1, port 25) that eventually causes a loop-back.
To prevent loop-back problems, follow these steps:
- Open the Manager Console on the Control Center.
- Select Filtering, Settings, Enterprise Settings, Loop-back Settings, General.
  The Loop-back Prevention pane appears.
- Click Add.
  A Server Properties dialog appears.
- Enter the IP address and corresponding port of a CA Gateway Security computer to use as the SMTP computer.
- Repeat the previous step, adding all local and remote CA Gateway Security computers to use as SMTP computers. You can also enter NAT devices that point to CA Gateway Security computers.
For the examples above, add the following:
- 1.2.3.4, Port 25
- 10.0.0.0, Port 25
- 10.0.0.1, Port 25
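The following added example (not CA code, and not a description of how the product checks internally) shows how an administrator could audit mail routing against the loop-back list above: it flags domains whose MX targets resolve to a listed gateway or NAT address. The DNS records, the example.net and example.org domains, and the function names are constructed for illustration.

```python
# Added illustration; the DNS data below is constructed, not live lookups.
# Loop-back list as entered in the steps above (IP address, port).
LOOPBACK = {("1.2.3.4", 25), ("10.0.0.0", 25), ("10.0.0.1", 25)}

# Constructed MX records: domain -> [(preference, mail host)]
MX = {
    "somedomain.com": [(10, "mail.somedomain.com")],
    "example.net": [(10, "mx1.example.net"), (20, "mx2.example.net")],
    "example.org": [(10, "mx.example.org")],
}
# Constructed A records: mail host -> [addresses]
A = {
    "mail.somedomain.com": ["1.2.3.4"],   # NAT address from the first scenario
    "mx1.example.net": ["10.0.0.1"],      # remote gateway from the second scenario
    "mx2.example.net": ["192.0.2.10"],
    "mx.example.org": ["198.51.100.7"],
}

def mx_targets(domain, port=25):
    """Return (ip, port) delivery targets in MX preference order."""
    targets = []
    for _pref, host in sorted(MX.get(domain.lower(), [])):
        for ip in A.get(host, []):
            targets.append((ip, port))
    return targets

def check_domain(domain, loopback=LOOPBACK):
    """Classify a domain against the loop-back list.

    'loop'    every MX target is a listed gateway or NAT address
    'partial' some targets are listed, at least one is not
    'ok'      no target is listed
    'no-mx'   nothing resolved
    Returns (status, looping_targets, usable_targets).
    """
    targets = mx_targets(domain)
    if not targets:
        return "no-mx", [], []
    looping = [t for t in targets if t in loopback]
    usable = [t for t in targets if t not in loopback]
    if not usable:
        status = "loop"
    elif looping:
        status = "partial"
    else:
        status = "ok"
    return status, looping, usable

if __name__ == "__main__":
    for d in MX:
        print(d, *check_domain(d))
```

A domain reported as 'loop' has no delivery target outside the gateways, so its routing or DNS needs correcting; 'partial' means only the unlisted targets can accept the message.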
Copyright © 2009 CA.
All rights reserved.