Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How do I block all traffic from a foreign country using SBS2003 with ISA 2004

Posted on 2006-11-01
4
Medium Priority
?
263 Views
Last Modified: 2010-04-09
Hello all,

I would like to setup a rule to block remote smtp connections from China and Latin America by IP address or range of IP's. I followed the steps outlined in the last post here: http://forums.isaserver.org/m_250018400/mpage_1/key_block%2cchina/tm.htm#250018416 , but now I am getting a ton of event: 15108 warnings in the Application log. What is the proper way to configure ISA to accomplish this task?

Thanks,

Todd  
0
Comment
Question by:MasPreguntas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 1500 total points
ID: 17860723
I assume you have published your mail server through a publishing rule? By default the listener that gets configured shows Anywhere as the FROM entry. In the bottom half of the FROM box, you will see an exceptions section.

make subnet entries that cover the IP addresses you want to block port 25 traffic for ( highlight the firewall policy then use the toolbox on the right to create subnets etc) then add these entries to the exceptions box. Save the policy.



0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17860747
Alternatively of course you could add the exclusions within the SMTP service itself but ISA is probably the best place.
0
 
LVL 1

Author Comment

by:MasPreguntas
ID: 17903051
I ended up creating a new address range and creating a new firewall access rule. I called the rule 'Spam-killer' with action set to deny all outbound traffic from the freshly created address range to localhost appied to all users. I chose this method over using the SMTP publishing rule, because I decided to just block all access instead of just SMTP. Your method would have worked, so I'll give you the points.

Thanks.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17904613
Thank you :)
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question