Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 355
  • Last Modified:

Allow SMTP on Pix firewalll

Hi guys:
Our client moving outbound mail through Frontbridge
firewall rules to allow SMTP traffic on port 25 from the following IP address range:
 x.x.88.0/24 (x.x.88.0/24 = x.x.88.1 - x.x.88.254)
The firewall is PIX515E
Can someone please provide me with commands?
Also any impact for this changes on the current mail becuase I just need to allow those IPs and the actual change for moving the outbound mail will take place later?
0
modathir
Asked:
modathir
  • 4
  • 3
1 Solution
 
shareditCommented:
what is frontbridge?  
I dont uderstand? are you saying outgoing smtp is currently blocked?
And you want the IP range of 88.1-.254 to be able to send smtp to frontbridge?
only frontbridge?
typically outbound smtp is not blocked.
please describe your setup ?

is 88.0/24 your only ip range?


0
 
modathirAuthor Commented:
Hi sharedit:
Frontbridge is Microsoft Exchange hosted services for spam filtering our incoming and outgoing will be through them that range of  IPs are their IPs my question do I need to allow these IPs on our firewall?
check the Frontbridge here https://spam.frontbridge.com
Thanks
0
 
shareditCommented:
Do you have an exchange server on site? Does frontbridge filter spam before it gets to your exchange server?  

There shouldn't need to be any commands put in for outgoing smtp. unless it has been setup that way.

If you need to allow mail being forwarded to your exchange server from the spam filter you would use a commands like:


config t
access-list 100 extended permit tcp any any eq smtp
access-group 100 in interface outside
static (inside,outside) tcp interface smtp (IP Address of your exchange server) smtp netmask 255.255.255.255
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
modathirAuthor Commented:
Yes we do have Exchange Server on site. Yes Frontbridge filter the spam before gets to our Exchange Server
0
 
shareditCommented:
if you currently have an exchange server and it is recieving mail, I wouldn't think  you should need to add any addtional commands.  You will want to have whoever hosts your DNS record for your domain change the MX record to point to FrontBridge. They will forward the mail to you after filtering.
0
 
modathirAuthor Commented:
Hi sharedit:
Currently we have the exchane and recieving mail fine.
The pix setting  for SMTP, POP3 and IMAP4 as following:
access-list acl_out extended permit tcp any host X.X.X.126 eq pop3
access-list acl_out extended permit tcp any host X.X.X.126 eq smtp
access-list acl_out extended permit tcp any host X.X.X.126 eq www
access-list acl_out remark exchange IMAP forwarding
access-list acl_out extended permit tcp any host X.X.X.126 eq imap4
Where X.X.X.126 is one of our WAN IPs
Thanks
0
 
shareditCommented:
that will work also.  those look fine, as long as the access-group acl_out is applied to incoming traffinc on the outside interface.

I don't think you will need to make any changes to the Pix,  The only changes being made will be to your MX Record.

0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now