What you haven't illustrated is the outbound connection to the Internet - I assume that the web/mail server is indeed exposed to the outside.
It could be that the firewall rule that allows inbound traffic to the Web server supersedes the rule that would allow your internal traffic to the SFTP server.
In the firewall software I have dealt with, rules are evaluated linearly until a match is found. A mistake in ordering for your outbound and inbound traffic rules could be causing the issue.
If you have an internal IP address assigned to the web/mail server and an external IP address, then accessing it will indicate if you're coming in from the outside or inside.
As you're using a third-party solution, I have little expertise in the matter. My domain of knowledge is with IPF and PF rulesets, which can be tested individually and composed together.
Slave to the Patriarchy no more
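The ordering problem described in the reply above, as an added example that is not part of the original post: a small first-match evaluator plus a check for rules that an earlier rule makes unreachable. It assumes a first-match engine as the reply describes; the rule model, the addresses (documentation and private ranges) and both rulesets are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "pass" or "block"
    src: str              # source CIDR
    dst: str              # destination CIDR
    dport: Optional[int]  # None means any destination port

    def matches(self, src, dst, dport):
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.dport in (None, dport))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and self.dport in (None, other.dport))

def first_match(rules, src, dst, dport, default="block"):
    """Walk the rules in order; the first matching rule decides."""
    for i, rule in enumerate(rules):
        if rule.matches(src, dst, dport):
            return i, rule.action
    return None, default

def shadowed(rules):
    """(earlier, later) index pairs where the later rule can never decide a packet."""
    pairs = []
    for j, later in enumerate(rules):
        for i in range(j):
            if rules[i].covers(later):
                pairs.append((i, j))
                break
    return pairs

# Constructed ruleset: the broad DMZ block sits above the internal SFTP allow.
BAD = [
    Rule("pass",  "0.0.0.0/0",   "192.0.2.10/32", 80),    # Internet -> web server
    Rule("block", "0.0.0.0/0",   "192.0.2.0/24",  None),  # everything else to the DMZ
    Rule("pass",  "10.0.0.0/24", "192.0.2.20/32", 22),    # internal LAN -> SFTP server
]
FIXED = [BAD[0], BAD[2], BAD[1]]  # specific allow moved above the broad block

if __name__ == "__main__":
    for name, rules in (("BAD", BAD), ("FIXED", FIXED)):
        print(name, first_match(rules, "10.0.0.5", "192.0.2.20", 22), shadowed(rules))
```

Running the shadow check against an exported ruleset before deploying it catches this class of mistake without sending any traffic.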