Solved

Allow SMTP on Pix firewalll

Posted on 2008-10-29
7
342 Views
Last Modified: 2013-11-30
Hi guys:
Our client moving outbound mail through Frontbridge
firewall rules to allow SMTP traffic on port 25 from the following IP address range:
 x.x.88.0/24 (x.x.88.0/24 = x.x.88.1 - x.x.88.254)
The firewall is PIX515E
Can someone please provide me with commands?
Also any impact for this changes on the current mail becuase I just need to allow those IPs and the actual change for moving the outbound mail will take place later?
0
Comment
Question by:modathir
  • 4
  • 3
7 Comments
 
LVL 5

Expert Comment

by:sharedit
ID: 22835739
what is frontbridge?  
I dont uderstand? are you saying outgoing smtp is currently blocked?
And you want the IP range of 88.1-.254 to be able to send smtp to frontbridge?
only frontbridge?
typically outbound smtp is not blocked.
please describe your setup ?

is 88.0/24 your only ip range?


0
 
LVL 5

Author Comment

by:modathir
ID: 22838035
Hi sharedit:
Frontbridge is Microsoft Exchange hosted services for spam filtering our incoming and outgoing will be through them that range of  IPs are their IPs my question do I need to allow these IPs on our firewall?
check the Frontbridge here https://spam.frontbridge.com
Thanks
0
 
LVL 5

Expert Comment

by:sharedit
ID: 22841973
Do you have an exchange server on site? Does frontbridge filter spam before it gets to your exchange server?  

There shouldn't need to be any commands put in for outgoing smtp. unless it has been setup that way.

If you need to allow mail being forwarded to your exchange server from the spam filter you would use a commands like:


config t
access-list 100 extended permit tcp any any eq smtp
access-group 100 in interface outside
static (inside,outside) tcp interface smtp (IP Address of your exchange server) smtp netmask 255.255.255.255
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 5

Author Comment

by:modathir
ID: 22842674
Yes we do have Exchange Server on site. Yes Frontbridge filter the spam before gets to our Exchange Server
0
 
LVL 5

Expert Comment

by:sharedit
ID: 22843179
if you currently have an exchange server and it is recieving mail, I wouldn't think  you should need to add any addtional commands.  You will want to have whoever hosts your DNS record for your domain change the MX record to point to FrontBridge. They will forward the mail to you after filtering.
0
 
LVL 5

Author Comment

by:modathir
ID: 22843453
Hi sharedit:
Currently we have the exchane and recieving mail fine.
The pix setting  for SMTP, POP3 and IMAP4 as following:
access-list acl_out extended permit tcp any host X.X.X.126 eq pop3
access-list acl_out extended permit tcp any host X.X.X.126 eq smtp
access-list acl_out extended permit tcp any host X.X.X.126 eq www
access-list acl_out remark exchange IMAP forwarding
access-list acl_out extended permit tcp any host X.X.X.126 eq imap4
Where X.X.X.126 is one of our WAN IPs
Thanks
0
 
LVL 5

Accepted Solution

by:
sharedit earned 500 total points
ID: 22843546
that will work also.  those look fine, as long as the access-group acl_out is applied to incoming traffinc on the outside interface.

I don't think you will need to make any changes to the Pix,  The only changes being made will be to your MX Record.

0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
What is Usenet? There are many different opinions on exactly what Usenet is an isn't. Many opinions are incorrect simply out of ignorance. The Wikipedia listing about Usenet does a good job of explaining it, so instead of repeating it all here I wi…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now