• Status: Solved

Pix 515E: Firewall Must Block Loopback address, reject SMTP RCPT

New to Cisco/Pix/Firewall config... The requirements I must meet state:
1. The firewall shall reject requests for access or services where the source address received by the firewall specifies a loopback address.

Do I create an object that represents a loopback address and deny it access?

2. Firewall must reject SMTP RCPT
The firewall shall reject traffic that contains source routing symbols (e.g. in the mailer RCPT commands).

I have access to the ASDM and the command line.
I have not the faintest idea how to go about meeting these requirements.
I have googled both of these and come up empty.
Thank you

1 Solution
Jody Lemoine, Network Architect, commented:
The first one is relatively easy:

access-list outside_in extended deny ip host any
access-group outside_in in interface outside

The second one is somewhat beyond the scope of what a PIX can do with SMTP.  Personally, I would front-end your SMTP server with an Exim, Qmail, Postfix or other SMTP server that can be configured to do this sort of filtering for you.
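
The second requirement, sketched as the check a front-end SMTP filter would apply (an added example, not part of the original thread and not a PIX feature): it flags RCPT commands whose forward-path carries an RFC 5321 source route, the percent hack, or a bang path. The function names and the sample session are constructed for illustration.

```python
import re

# Captures the forward-path of an SMTP "RCPT TO:" command, with or without <>.
RCPT_RE = re.compile(r"^RCPT\s+TO:\s*<?([^>\s]*)>?", re.IGNORECASE)


def source_route_reason(line):
    """Return why a RCPT command is source-routed, or None if it is clean
    or is not a RCPT command at all."""
    m = RCPT_RE.match(line.strip())
    if not m:
        return None
    path = m.group(1)
    if path.startswith("@"):            # <@relay1,@relay2:user@dest>
        return "explicit source route"
    # Everything left of the last "@" is the local part; routing symbols
    # hidden there ask the receiving server to relay the mail onward.
    local = path.rpartition("@")[0] if "@" in path else path
    if "@" in local:                    # user@dest@relay
        return "multiple @"
    if "%" in local:                    # user%dest@relay
        return "percent hack"
    if "!" in local:                    # relay!dest!user (UUCP style)
        return "bang path"
    return None


def rejected(session):
    """List (command, reason) for every RCPT line that should be refused."""
    hits = []
    for line in session:
        reason = source_route_reason(line)
        if reason:
            hits.append((line, reason))
    return hits


# Constructed sample session (client commands only), not captured traffic.
SAMPLE = [
    "HELO client.example.org",
    "MAIL FROM:<sender@example.org>",
    "RCPT TO:<alice@example.com>",
    "RCPT TO:<@relay.example.net:bob@example.com>",
    "rcpt to:<bob%example.com@relay.example.net>",
    "RCPT TO:<relay!example!bob>",
]

if __name__ == "__main__":
    for cmd, why in rejected(SAMPLE):
        print(f"reject ({why}): {cmd}")
```

The check is deliberately strict: `%` and `!` are legal characters in a local part, so a site that really uses such addresses would need an allow-list in front of it.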
