• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2128
  • Last Modified:

How do I block port 25 for all outgoing traffice except from my mail server

I have a sonic wall tz190. I have created an access rule that deny's any lan to wan on port 25 except for my exchange server. Actually it is 2 rules (my server is at 10.0.0.51) one that block 1-50 and one that blocks 52-254.  This should do it right? There is a rule that allows any to any though.  And it is enabled.  Does this overwrite the deny or do deny rules take priority, like in Windows. If it is setup how can I test it?
0
degoodwin
Asked:
degoodwin
  • 4
  • 3
1 Solution
 
btassureCommented:
Rules will be processed in order. If the first rule is permit any to any then it will match that traffic, permit it and ignore the rest. If you had the list like the attached for example it would allow smtp from the mail server, block it from anywhere else and permit all other traffic.
permit from mail server to any on port 25
deny from any to any on port 25
permit from any to any

Open in new window

0
 
degoodwinAuthor Commented:
The rules are listed as follows:

 # Priority  Source                        Destination       Service                   Action     Users    
 1 1            Bottom Range SMTP All WAN IP         SMTP (Send E-Mail) Deny     All      
 2 2           Top Range SMTP       All WAN IP         SMTP (Send E-Mail) Deny     All      
 3 3            Any                           Any                   Any                         Allow     All      
     

All are enabled.  This is correct, right? How can I test it?
0
 
degoodwinAuthor Commented:
Bottom Range SMTP is 10.0.0.1-50
Top Range SMTP is 10.0.0.51-254
The Exchange server is at 10.0.0.51
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
btassureCommented:
They are processed in priority order. The system you have will work equally well but is less efficient as you add more rules and is not really in best practice.
0
 
degoodwinAuthor Commented:
So does the system check each packet against the rules and if it finds one it mathces then stops processing any more rules. The way you have the rules setup all traffic from mail server on 25 would be allowed first, then it would not bother to look at rules 2 and 3. If the packet is not from mail server and not on port 25 then it would move to rule 2, if it was port 25 traffic from anywhere else it would then get blocked.  If it was any other sort of traffic it wold progress onto 3 which would allow all. Is that how it works.  I understand the subtle difference as to how mine are setup. So if it finds a rule it applies to it stops processing anymore rules?  Is there any way to test port 25 traffic? Can I try telnet on port 25 from a workstation to an outside address and see if it connects? If it fails can I assume that it is being blocked?
0
 
btassureCommented:
Yes to every question :o) That's how pretty much all firewalls work. And yes, telnet to port 25 on an upstream mail server. If it lets you in then it isn't blocked, otherwise your blocks are working.
0
 
degoodwinAuthor Commented:
Thanks.  Looks like it is working after I restarted the server. The rules changes didn't take till after restart.
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now