Solved

Allow SMTP on Pix firewall

Posted on 2008-10-29
Last Modified: 2013-11-30
Hi guys:
Our client is moving outbound mail through Frontbridge
firewall rules to allow SMTP traffic on port 25 from the following IP address range:
 x.x.88.0/24 (x.x.88.0/24 = x.x.88.1 - x.x.88.254)
The firewall is PIX515E
Can someone please provide me with commands?
Also, any impact of these changes on the current mail, because I just need to allow those IPs and the actual change for moving the outbound mail will take place later?
Question by:modathir
7 Comments
 
LVL 5

Expert Comment

by:sharedit
ID: 22835739
What is Frontbridge?
I don't understand. Are you saying outgoing SMTP is currently blocked?
And you want the IP range of 88.1-.254 to be able to send SMTP to Frontbridge?
Only Frontbridge?
Typically outbound SMTP is not blocked.
Please describe your setup.

Is 88.0/24 your only IP range?


0
 
LVL 5

Author Comment

by:modathir
ID: 22838035
Hi sharedit:
Frontbridge is Microsoft Exchange Hosted Services for spam filtering. Our incoming and outgoing will be through them, and that range of IPs are their IPs. My question: do I need to allow these IPs on our firewall?
Check Frontbridge here: https://spam.frontbridge.com
Thanks
0
 
LVL 5

Expert Comment

by:sharedit
ID: 22841973
Do you have an Exchange server on site? Does Frontbridge filter spam before it gets to your Exchange server?

There shouldn't need to be any commands put in for outgoing SMTP, unless it has been set up that way.

If you need to allow mail being forwarded to your Exchange server from the spam filter, you would use commands like:


config t
access-list 100 extended permit tcp any any eq smtp
access-group 100 in interface outside
static (inside,outside) tcp interface smtp (IP Address of your exchange server) smtp netmask 255.255.255.255
0
 
LVL 5

Author Comment

by:modathir
ID: 22842674
Yes, we do have an Exchange Server on site. Yes, Frontbridge filters the spam before it gets to our Exchange Server.
0
 
LVL 5

Expert Comment

by:sharedit
ID: 22843179
If you currently have an Exchange server and it is receiving mail, I wouldn't think you should need to add any additional commands. You will want to have whoever hosts your DNS record for your domain change the MX record to point to FrontBridge. They will forward the mail to you after filtering.
0
 
LVL 5

Author Comment

by:modathir
ID: 22843453
Hi sharedit:
Currently we have the Exchange and are receiving mail fine.
The PIX settings for SMTP, POP3 and IMAP4 are as follows:
access-list acl_out extended permit tcp any host X.X.X.126 eq pop3
access-list acl_out extended permit tcp any host X.X.X.126 eq smtp
access-list acl_out extended permit tcp any host X.X.X.126 eq www
access-list acl_out remark exchange IMAP forwarding
access-list acl_out extended permit tcp any host X.X.X.126 eq imap4
Where X.X.X.126 is one of our WAN IPs
Thanks
0
 
LVL 5

Accepted Solution

by:
sharedit earned 2000 total points
ID: 22843546
That will work also. Those look fine, as long as the access-group acl_out is applied to incoming traffic on the outside interface.

I don't think you will need to make any changes to the PIX. The only changes being made will be to your MX record.

0
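Added example (not part of the thread or any participant's code): the question's goal of admitting SMTP only from the filtering service's range, written as a Python check over the acl_out lines posted above that emits the narrowed entry. The addresses 192.0.2.126 and 198.51.100.0/24 are constructed placeholders for the masked X.X.X.126 and x.x.88.0/24, and the emitted `no` line is assumed to be applied only after the MX record has been switched, since until then mail still arrives from arbitrary senders.

```python
import ipaddress

# Constructed sample: the acl_out lines from the thread, with documentation
# addresses standing in for the masked X.X.X.126 and x.x.88.0/24 values.
ACL = """\
access-list acl_out extended permit tcp any host 192.0.2.126 eq pop3
access-list acl_out extended permit tcp any host 192.0.2.126 eq smtp
access-list acl_out extended permit tcp any host 192.0.2.126 eq www
access-list acl_out remark exchange IMAP forwarding
access-list acl_out extended permit tcp any host 192.0.2.126 eq imap4
"""
FILTER_NET = "198.51.100.0/24"  # placeholder for the filtering service range


def parse_source(tok):
    """Parse a PIX source spec at the head of tok; return (network, tokens used)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), 1
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), 2
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), 2  # address + netmask


def smtp_permits(acl_text):
    """Yield (line, head, source network, destination spec) per SMTP permit."""
    for raw in acl_text.splitlines():
        tok = raw.split()
        if "permit" not in tok or tok[0] != "access-list":
            continue  # blank lines, remarks, other commands
        p = tok.index("permit")
        if tok[p + 1:p + 2] != ["tcp"] or tok[-2:] not in (["eq", "smtp"], ["eq", "25"]):
            continue
        src, used = parse_source(tok[p + 2:])
        yield " ".join(tok), " ".join(tok[:p + 2]), src, " ".join(tok[p + 2 + used:-2])


def tighten(acl_text, filter_net):
    """Return PIX commands that narrow over-broad SMTP permits to filter_net."""
    allowed = ipaddress.ip_network(filter_net)
    cmds = []
    for line, head, src, dst in smtp_permits(acl_text):
        if src.subnet_of(allowed):
            continue  # already limited to the filtering service
        # Narrow entry first, broad entry removed second, so mail keeps flowing.
        cmds.append(f"{head} {allowed.network_address} {allowed.netmask} {dst} eq smtp")
        cmds.append("no " + line)
    return cmds
```
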
