Solved

How to block Outlook 2007 access over a WAN

Posted on 2009-04-02
Last Modified: 2012-05-06
We have an MPLS network with all of our sites connected through VPN tunnels.  Somehow, our users have figured out that they can open Outlook and get to their email.  We don't want this to happen.
Is there a way to block Outlook 2007 from connecting through the firewall?  Maybe a port number or something?
I don't want to block it in Group Policy, because I want them to be able to open Outlook if they need to.  Sometimes we send them disks that have PST files and they need to read them.  So blocking Outlook altogether is not an option.

Also, keep in mind that I need to be able to centrally manage this change.  I don't want to go into each person's host file and change that.
Question by:Robins_Morton
 
LVL 33

Expert Comment

by:MikeKane
ID: 24052855
Question, how do users get their email if they don't use Outlook?  Do you only allow web-based OWA mail?

Outlook uses RPC to connect to the Exchange box, which has a dynamic port range.  So blocking it is not feasible.  I would use a software firewall on the Exchange box, or create a VLAN for the Exchange box to limit the host to communications with only specified boxes such as the Domain Controller, EDGE Server, Blackberry server, etc.


0
 

Author Comment

by:Robins_Morton
ID: 24052937
Our users use Citrix for all of their remote computing.  

I want to make sure that our in-house users can still get to the Exchange server.  The in-house users are on a separate VLAN, but they have to be able to see the server's VLAN, so VLAN separation is not an option.  Changing the IP address of the Exchange server is not an option either.  I have too much stuff tied to that IP address.

What kind of software firewall?  Is there one that will block an IP range?  My remote users all come through a different set of IP addresses.
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 24053469
If the Exchange is on a VLAN, and you use Cisco switches, you can create or edit an ACL that controls access into the VLAN.  A simple ACL that allows certain ranges, then denies everything else would work.

Would you consider that?  
0
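A sketch of the ACL approach suggested in the comment above, added here as an illustration and not posted by anyone in the thread. All addresses, the VLAN number and the ACL name are constructed placeholders. It filters on source address because Outlook's RPC traffic uses a dynamic port range, so a port-based rule would not be reliable.

```cisco
! Constructed example values (replace with your own):
!   192.168.10.0/24  in-house user VLAN
!   192.168.20.0/24  other servers that must reach Exchange
!                    (domain controller, Edge, BlackBerry server)
!   Vlan50           the server VLAN that holds the Exchange server
! Remote-site ranges are simply not listed, so they hit the final deny.
ip access-list extended EXCHANGE-VLAN-IN
 remark in-house users may reach the server VLAN
 permit ip 192.168.10.0 0.0.0.255 any
 remark infrastructure servers may reach the server VLAN
 permit ip 192.168.20.0 0.0.0.255 any
 remark replies to TCP sessions opened from inside the server VLAN
 permit tcp any any established
 remark everything else is dropped; log keyword records the hits
 deny ip any any log
!
! Traffic routed INTO the server VLAN leaves the switch through the SVI,
! so the ACL is applied in the outbound direction on that interface.
interface Vlan50
 ip access-group EXCHANGE-VLAN-IN out
!
! After applying, check per-line match counters with:
!   show access-lists EXCHANGE-VLAN-IN
```

Extended ACLs are stateless and evaluated top-down with first match winning, so the permit lines must come before the deny. Hosts inside the server VLAN talk to each other at layer 2 and are not affected by an ACL on the SVI.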
 

Accepted Solution

by:
Robins_Morton earned 0 total points
ID: 24354029
I have found a workaround.  We are going to just use Group Policy to deny Outlook from opening.
0
