Viewing TCP / UDP Ports for Spam Firewall Config

Posted on 2008-11-12
Last Modified: 2012-06-27
We just received a Barracuda Spam Firewall 200 for the company I work for.
We are trying to integrate this into our current Cisco ASA 5510 Series router.
The directions for the spam firewall say we should open the following ports:
PORT       DIRECTION       TCP       UDP       USAGE
25            In/Out               Yes       No         Email and email bounces
53            Out                   Yes      Yes       Domain Name Service (DNS)
80            Out                   Yes      No          Virus, firmware and spam rule updates
123          Out                    No       Yes        Network Time Protocol (NTP)

There is a web interface I can access by typing in the IP address of the router and logging in but I can't make any changes through this interface even if I wanted to because the password to access this interface isn't a high enough level.
If I use Hyper Terminal I can use the EXEC password to log in and this will allow me make actual changes but I am not familiar with the Hyper Terminal interface.  I don't even know what I am looking for or what to type in.

Any help would be much appreciated.
Question by:homerslmpson
    1 Comment
    LVL 8

    Accepted Solution

    This is a somewhat involved configuration, you may want to think twice about doing it yourself if you have no experience with this kind of thing. You have the potential to break your email connectivity. That said...

    If I understand correctly, your new Barracuda is going to be a host (in your DMZ I assume?), and you wish to open the firewall to allow these ports into the barracuda's NAT address which you will also have to create?

    I will also assume you have existing internal email server(s) that handle your in and outbound mail now?

    As part of the process, you will also have to repoint your DNS MX records in public DNS to the Barracuda NAT, and set up your email server to send/recieve mail through your Barracuda.


    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Join & Write a Comment

    This article assumes you have at least one Cisco ASA or PIX configured with working internet and a non-dynamic, public, address on the outside interface. If you need instructions on how to enable your device for internet, or basic configuration info…
    From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now