Solved

How to block Outlook 2007 access over a WAN

Posted on 2009-04-02
4
405 Views
Last Modified: 2012-05-06
We have an MPLS network with all of our sites connected through VPN tunnells.  Somehow, our users have figured out that they can open Outlook and get to their email.  We don't want this to happen.
Is there a way to block Outlook 2007 from connecting through the firewall?  Maybe a port number or something?
I don't want to block it in Group Policy, because I want them to be able to open Outlook if they need to.  Sometimes we send them disks that have PST files and they need to read them.  So blocking Outlook all together is not an option.

Also, keep in mind that I need to be able to centrally manage this change.  I don't want to go into each person's host file and change that.
0
Comment
Question by:Robins_Morton
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 33

Expert Comment

by:MikeKane
ID: 24052855
Question, how do users get their email if they don't use outlook?  Do you only allow web based OWA mail?  

Outlook uses RPC to connect to the Exchange box which has a dynamic port range.    So blocking it is not feasible.   I would use a software firewall on the exchange box, or create a VLAN for the exchange box to limit the host to communications with only specified boxes such as the Domain Controller, EDGE Server, Blackberry server, etc....  


0
 

Author Comment

by:Robins_Morton
ID: 24052937
Our users use Citrix for all of their remote computing.  

I want to make sure that our in-house users can still get to the exchange server.  The in-house users are on a seperate VLAN, but they have to be able to see the server's VLAN, so VLAN seperation is not an option.  Changing the IP address of the Exchange server is not an option either.  I have too much stuff tied to that IP address.

What kind of software firewall?  Is there one that will block an IP range?  My remote users all come through a different set of IP addresses.
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 24053469
If the exchange is on a VLAN, and you use cisco switches, you can create or edit an ACL that controls access into the VLAN.   A simple acl that allows certain ranges, then denies everything else would work.  

Would you consider that?  
0
 

Accepted Solution

by:
Robins_Morton earned 0 total points
ID: 24354029
I have found a work around.  We are going to just use Group Policy to deny Outlook from opening.
0

Featured Post

Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

What does UTC stand for?  “Coordinated Universal Time” – Think of this as the true time on Planet Earth that never changes with the exception of minor leap seconds here and there to account for the changes in the planet's rotation.   What does th…
Large Outlook files lead to various unwanted errors and corruption issues. Furthermore, large outlook files can also make Outlook take longer to start-up, search, navigate, and shut-down. So, In this article, i will discuss a method to make your Out…
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question