OK, I’ll try to explain: I have my mail server on a vlan called LAN (green interface) and my cloud server in a vlan called DMZ (orange interface). I would like to permit my cloud server to send emails through my mail server using internal port forward (maybe hairpin nat?). Is it possible? How can I do that?
In the firewall object, you can make two CIDR objects, one for each subnet.
After this, you can make the rules to allow traffic to one object to the second.
If you want to be more restrictive, you can play with other objects like computer, or service
And you make the rule in the firewall rules…
I just read your initial post, and I will suggest another solution.
Put your email server in the DMZ too, like this your two servers will discuss without problem and without open your green lan.
Thank you Jim! It works. Unfortunately I cannot put the server in dmz now, because It’s an Exchange and I don’t have an edge transport server for the wan stuff…But forwardin just the port 25 to dmz works perfectly!! Thank you.