Solved

How do I block all traffic from a foreign country using SBS2003 with ISA 2004

Posted on 2006-11-01
4
259 Views
Last Modified: 2010-04-09
Hello all,

I would like to setup a rule to block remote smtp connections from China and Latin America by IP address or range of IP's. I followed the steps outlined in the last post here: http://forums.isaserver.org/m_250018400/mpage_1/key_block%2cchina/tm.htm#250018416 , but now I am getting a ton of event: 15108 warnings in the Application log. What is the proper way to configure ISA to accomplish this task?

Thanks,

Todd  
0
Comment
Question by:MasPreguntas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 17860723
I assume you have published your mail server through a publishing rule? By default the listener that gets configured shows Anywhere as the FROM entry. In the bottom half of the FROM box, you will see an exceptions section.

make subnet entries that cover the IP addresses you want to block port 25 traffic for ( highlight the firewall policy then use the toolbox on the right to create subnets etc) then add these entries to the exceptions box. Save the policy.



0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17860747
Alternatively of course you could add the exclusions within the SMTP service itself but ISA is probably the best place.
0
 
LVL 1

Author Comment

by:MasPreguntas
ID: 17903051
I ended up creating a new address range and creating a new firewall access rule. I called the rule 'Spam-killer' with action set to deny all outbound traffic from the freshly created address range to localhost appied to all users. I chose this method over using the SMTP publishing rule, because I decided to just block all access instead of just SMTP. Your method would have worked, so I'll give you the points.

Thanks.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17904613
Thank you :)
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in theā€¦
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question