Solved

URGENT QUESTION

Posted on 2006-06-21
4
201 Views
Last Modified: 2013-12-04
Dear My reader ,

 

I have here something which is confusing me .

 

The Goal which I want to Implement it is :-

 

1-       Disable Internet – Completely – On All Users inside my Network, which they are using Internet through My ISA Server 2004  Std edition.

 

 

How our Infrastructure is :-

 

We have 1 ISA Server Std Edition 2003, SP2 ISA
ISA Server Configured with 2 NIC as External & Internal .
The External is Connected to HW Firewall device like CISCO PIX Firewall.
The External is Connected to My Internal LAN.
We have Our mail server hosted on Our ISP Side and we are using POP3 & SMTP  [ POP3 Account with MS-OUTLOOK 2003 ].
I have here 60 users are configured as [  SNAT / Web Proxy Client / Firewall Client ] .
 

My ISA Server configuration Firewall Policy as following :-

 

1-Puplish mail server rule for MY Server on ISP for SMTP Protocol .

2-Puplish mail server rule for My Server on  ISP for POP Protocol .

3-Access Rule for Internet .

 

To implement my goal, I did as following :-

 

I disable my Only access rule which is called OPEN Internet .

I left My Publish server role without touching it.

 

I found that , all the users are able to send , but unable to receive and using POP3 at all. And they are unable to browse internet .

 

So , why they are unable to use POP3 while they are able to use SMTP ?

 

But if I disable the Puplish server role, and I change the access rule Protocol from ALL OUTBOUND Traffic to Selected Protocols “ SMTP / POP3 “  , I found that they are able to use SMTP / POP3 but unable to browse internet .

 

My question is , why this Happen ?
0
Comment
Question by:rolamohammed
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
ID: 16959318
Pop3 uses port 110 for sending and port 25 for SMTP sending. What you should do is allow the IP of the pop3 and smtp. Your rule should be something like:
Allow 10.1.2.0 255.255.255.0 any port to 1.2.3.4 port 25 (for sending)
Allow 10.1.2.0 255.255.255.0 any port to 1.2.3.4 port 110 (for sending)  10.1.2.1-254 is the subnet your users are on, and 1.2.3.4 is the smtp/pop3 server ip
For recieving you should allow:
allow 1.2.3.4 any port to 10.1.2.0 255.255.255.0 any port    again, 1.2.3.4 is the pop3 and or smtp server and the 10.1.2.0 is the private subnet.
It's called egress and ingress filtering. http://en.wikipedia.org/wiki/Egress_filtering http://en.wikipedia.org/wiki/Ingress_filtering
-rich
0

Featured Post

What, When and Where - Security Threats from Q1

Join Corey Nachreiner, CTO, and Marc Laliberte, Information Security Threat Analyst, on July 26th as they explore their key findings from the first quarter of 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Suggested Courses

631 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question