Solved

Pop3 thru sonic wall

Posted on 2004-08-22
Last Modified: 2013-12-19
Previous setup: Windows NT Exchange 5.5, direct one to one NAT translation with external IP address thru Sonic Wall Pro 200 with Field Salespersons accessing email thru pop3 request from exchange server.

Current:
1. Installed Symantec Gateway for SMTP
2. Changed direct NAT thru Sonic Wall to point at SMTP Gateway
3. Installed DNS Server on Domain
4. Created rule to open port 110 thru Sonic Wall (POP3 request to LAN)

All works fine except POP3 accounts cannot log in.
Sonic Wall Pro 200 does not have a direct port forwarding option, that I can find, to point POP3 requests directly to the exchange server and bypass the SMTP Gateway, and their tech support is in India. (They have been helpful but the language barrier is difficult and I do not know if they exactly understand my issue.)
Question by:itsmedtt
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 11868375
hi itsmedtt, what you need is just a port forwarding for incoming POP3 access. i am not sure if SonicWall Pro 200 does not support this, you know, it is a very common feature which is supported by most firewall products. could you please tell me the URL that i can download its user manual for study. thanks, bbao
 

Author Comment

by:itsmedtt
ID: 11873931
http://www.sonicwall.com/services/pdfs/InternetSecurityApplianceFamilyManual.pdf

This is the only link that I found for them.

I was thinking of buying a Linksys router that has port forwarding on it and sticking it in front of the Sonicwall, doing a one to one NAT translation to the Linksys and separating the ports there as a temporary solution to buy me time for research and evaluation of a more permanent solution. Can you think of any holes in that temp solution?
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 11874596
you can do it, with the "Public LAN Server" feature of this box, by adding a known service, you may make your email server visible on the internet. btw, you may even customize a specific server that is not listed in its list of known services.

thanks for the manual's URL, you may find more detailed information from page 129 to 130.

hope it helps,
bbao
 

Author Comment

by:itsmedtt
ID: 11877797
Greetings,

Yes I have already set those rules. And port 110 is open to the LAN. I have also verified that port 110 on the exchange is listening. I am not certain but I think that the issue may be in the DNS settings. I have set the MX record toward the mail server.

Any other suggestions?
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 11877848
> Yes I have already set those rules. And port 110 is open to the LAN.

you mean you have already tried to open port 110 using the public LAN server feature of the firewall?

> I have also verified that port 110 on the exchange is listening.

how did you verify that the port 110 is under listening status? by using "TELNET ExchangeServer 110" command from the outside?

> I am not certain but I think that the issue maybe in the DNS settings.

who resolves the DNS name for your domain name? your local DNS server or your local ISP?

> I have set the MX record toward the mail server.

try "TELNET IPaddress 110" at first

later,
bbao
 

Author Comment

by:itsmedtt
ID: 11888117
Yes I have already set those rules. And port 110 is open to the LAN.

>you mean you have already tried to open port 110 using the public LAN server feature of the firewall?

Yes, I have set the service feature allowing pop3 access thru the firewall and also established the rules to allow it to access the IP address of the Exchange server.

>how did you verify that the port 110 is under listening status? by using "TELNET ExchangeServer 110" command from the outside?

I ran a port scan on the server from the server. (Per directions from support.microsoft.com; the link is at work or I would add to post, sorry.)

>who resolves the DNS name for your domain name? your local DNS server or your local ISP?

The ISP has been the only DNS running for the Domain. Last Thursday the subscription for Sonic Wall virus filter expired. (I am new on this network, just started a few weeks ago and have been trying to extinguish fires and learn the network.) The company had already purchased the Symantec enterprise suite but had only installed the corporate virus protection. When the firewall stopped stripping attachments we were flooded with virus and adware. As soon as I realized the problem I grabbed a spare box and installed The Symantec Gateway. It needed a local DNS so I brought up another box for DNS. Then I redirected the NAT one to one from the exchange server to the Gateway. All seems to be working well with the exception of a few workstations with Office 2003 not being able to connect to the exchange server (I added the local DNS server in their network settings and they are working fine now) and access to POP3 from the internet.


try "TELNET IPaddress 110" at first
 

Author Comment

by:itsmedtt
ID: 11894990
OK found the problem posted at symantec.
They list a work around. Seems a little fuzzy to me. Do you have any insight or greater detail on how to accomplish this?
http://service1.symantec.com/SUPPORT/ent-gate.nsf/dc983c4134c90dfd88256c0e00592490/a0580e488ff140c188256dcf0001a3e0?OpenDocument&src=bar_sch_nam
 
LVL 37

Accepted Solution

by:
Bing CISM / CISSP earned 500 total points
ID: 11895501
hehe, it looks that symantec solution is so strange. :) so it seems you should setup symantec gateway software on another machine (or same machine with additional IP), then change your DNS server's settings to distinguish server-server and client-server smtp traffic, and define new firewall rules to forward incoming smtp requests to different servers. can you reconfigure your DNS and symantec SMTP gateway?
 

Author Comment

by:itsmedtt
ID: 11897677
Thanks bbao,

I think I got it. Used another static IP from ISP called it pop.mail.mydomain.com, ran NAT thru Sonic Wall  and all seems right with the world.

Thanks
0
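The outside-in check that the "TELNET IPaddress 110" suggestion in this thread amounts to, scripted as an added example (not part of the original posts; the host names under `__main__` are placeholders). It reads the service greeting, so it shows which service a NAT rule actually delivers the connection to, which a port scan run on the server itself cannot show.

```python
import socket

# POP3 (RFC 1939) greets with "+OK"; SMTP (RFC 5321) greets with "220".
GREETINGS = {"pop3": b"+OK", "smtp": b"220"}

def probe(host, port, timeout=5.0):
    """Connect like `telnet host port` and classify the first line received.

    Returns (status, banner). status is "pop3" or "smtp" when that greeting
    was seen, "unknown" for any other greeting, "silent" when the connection
    opened but nothing arrived, "refused" for an active reject, "unresolved"
    for a DNS failure and "filtered" when the connection attempt got no answer.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                banner = s.recv(512)
            except socket.timeout:
                return "silent", ""
    except socket.gaierror:
        return "unresolved", ""
    except ConnectionRefusedError:
        return "refused", ""
    except OSError:  # includes connect timeouts
        return "filtered", ""
    line = banner.split(b"\r\n")[0]
    text = line.decode("ascii", "replace")
    for name, prefix in GREETINGS.items():
        if line.startswith(prefix):
            return name, text
    return ("unknown" if line else "silent"), text

def check(expectations, timeout=5.0):
    """Return (host, port, expected, got) for every endpoint that mismatches."""
    failures = []
    for host, port, expected in expectations:
        got, _ = probe(host, port, timeout)
        if got != expected:
            failures.append((host, port, expected, got))
    return failures

if __name__ == "__main__":
    # Placeholder names (assumptions): run this from OUTSIDE the firewall.
    plan = [("pop.mail.example.com", 110, "pop3"),  # NAT to the mail server
            ("mail.example.com", 25, "smtp")]       # MX name, NAT to the gateway
    for failure in check(plan):
        print("MISMATCH host=%s port=%d expected=%s got=%s" % failure)
```

A "filtered" or "refused" result on port 110 points at the firewall or NAT rule; an "smtp" or "unknown" greeting there means the connection is landing on a different machine than intended.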
