Hi, I am trying to help a friend with some setting up, or actually, it is partially set up already at this point by some external consultant. An MX84 is connected to the internet (got AMP as well), and on the intranet there is a Windows Server 2016 with Exchange, SQL, file server.

The Webmail and a "webserver DMZ" should be reachable from the internet on their respective public IPs, and currently 1:1 NAT mappings are in place for port 443 (webmail) on PublicIP1 to InternalIP1, and 25 for the webserver DMZ, which I believe is Exchange sending emails out, for PublicIP2 to InternalIP2. This Exchange Server does not receive mails directly, btw.

The question is now what else needs to be configured in the Level 3 Firewall settings to prevent this from becoming insecure? I am assuming there should be a rule in place to limit the DMZ access to the Internal network, i.e. having ALLOW Any InternalIP2Range (DMZ) to InternalNetworkRange Any would be silly (that's how it is right now, which looks a bit questionable, no?). Many thanks for - probably obvious - hints! 🙂