Solved

How to block Outlook 2007 access over a WAN

Posted on 2009-04-02
4
403 Views
Last Modified: 2012-05-06
We have an MPLS network with all of our sites connected through VPN tunnells.  Somehow, our users have figured out that they can open Outlook and get to their email.  We don't want this to happen.
Is there a way to block Outlook 2007 from connecting through the firewall?  Maybe a port number or something?
I don't want to block it in Group Policy, because I want them to be able to open Outlook if they need to.  Sometimes we send them disks that have PST files and they need to read them.  So blocking Outlook all together is not an option.

Also, keep in mind that I need to be able to centrally manage this change.  I don't want to go into each person's host file and change that.
0
Comment
Question by:Robins_Morton
  • 2
  • 2
4 Comments
 
LVL 33

Expert Comment

by:MikeKane
ID: 24052855
Question, how do users get their email if they don't use outlook?  Do you only allow web based OWA mail?  

Outlook uses RPC to connect to the Exchange box which has a dynamic port range.    So blocking it is not feasible.   I would use a software firewall on the exchange box, or create a VLAN for the exchange box to limit the host to communications with only specified boxes such as the Domain Controller, EDGE Server, Blackberry server, etc....  


0
 

Author Comment

by:Robins_Morton
ID: 24052937
Our users use Citrix for all of their remote computing.  

I want to make sure that our in-house users can still get to the exchange server.  The in-house users are on a seperate VLAN, but they have to be able to see the server's VLAN, so VLAN seperation is not an option.  Changing the IP address of the Exchange server is not an option either.  I have too much stuff tied to that IP address.

What kind of software firewall?  Is there one that will block an IP range?  My remote users all come through a different set of IP addresses.
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 24053469
If the exchange is on a VLAN, and you use cisco switches, you can create or edit an ACL that controls access into the VLAN.   A simple acl that allows certain ranges, then denies everything else would work.  

Would you consider that?  
0
 

Accepted Solution

by:
Robins_Morton earned 0 total points
ID: 24354029
I have found a work around.  We are going to just use Group Policy to deny Outlook from opening.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
Read this checklist to learn more about the 15 things you should never include in an email signature.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
Many of my clients call in with monstrous Gmail overloading issues with Outlook. A quick tip is to turn off the All Mail and Important folders from synching. Here is a quick video I made to show you how to turn off these and other folders in Gmail s…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question