How to block Outlook 2007 access over a WAN

Posted on 2009-04-02
Medium Priority
Last Modified: 2012-05-06
We have an MPLS network with all of our sites connected through VPN tunnells.  Somehow, our users have figured out that they can open Outlook and get to their email.  We don't want this to happen.
Is there a way to block Outlook 2007 from connecting through the firewall?  Maybe a port number or something?
I don't want to block it in Group Policy, because I want them to be able to open Outlook if they need to.  Sometimes we send them disks that have PST files and they need to read them.  So blocking Outlook all together is not an option.

Also, keep in mind that I need to be able to centrally manage this change.  I don't want to go into each person's host file and change that.
Question by:Robins_Morton
  • 2
  • 2
LVL 33

Expert Comment

ID: 24052855
Question, how do users get their email if they don't use outlook?  Do you only allow web based OWA mail?  

Outlook uses RPC to connect to the Exchange box which has a dynamic port range.    So blocking it is not feasible.   I would use a software firewall on the exchange box, or create a VLAN for the exchange box to limit the host to communications with only specified boxes such as the Domain Controller, EDGE Server, Blackberry server, etc....  


Author Comment

ID: 24052937
Our users use Citrix for all of their remote computing.  

I want to make sure that our in-house users can still get to the exchange server.  The in-house users are on a seperate VLAN, but they have to be able to see the server's VLAN, so VLAN seperation is not an option.  Changing the IP address of the Exchange server is not an option either.  I have too much stuff tied to that IP address.

What kind of software firewall?  Is there one that will block an IP range?  My remote users all come through a different set of IP addresses.
LVL 33

Expert Comment

ID: 24053469
If the exchange is on a VLAN, and you use cisco switches, you can create or edit an ACL that controls access into the VLAN.   A simple acl that allows certain ranges, then denies everything else would work.  

Would you consider that?  

Accepted Solution

Robins_Morton earned 0 total points
ID: 24354029
I have found a work around.  We are going to just use Group Policy to deny Outlook from opening.

Featured Post

We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Today as you open your Outlook, you witness an error message: “Outlook is using an old copy of your Outlook Data File…”. Probably, Outlook is accessing an old OST file.
Often, the users face difficulty in accessing Outlook 2016 PST files on Windows 10 computer. One of the reasons behind it is the improper functioning of MS Outlook when the user tries to open it. MS Outlook suddenly stops working, or it will not op…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
CodeTwo Sync for iCloud (http://www.codetwo.com/sync-for-icloud?sts=6554) automatically synchronizes your Outlook 2016, 2013, 2010 or 2007 folders with iCloud folders available via iCloud Control Panel. This lets you automatically sync them with…

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question