CenTechs
asked on
Stop Outgoing SMTP Traffic on Firebox Edge x10e
Hello Experts,
After a blacklisting I have configured my Watchguard to only allow outbound port 25 from the Exchange server. I have tested this from a client PC using telnet but am still allowed to connect to a remote email server. Am I going wrong with the configuration of the firewall or the testing (i.e. would telnet still show port 23?)? On the Watchguard I configured SMTP (outgoing) by removing ANY and putting in the internet IP of the server.
Thanks
Centechs
ASKER
Hi guys,
Kentern - not sure of the OS level. There is an "enable all by any" rule, but I wasn't completely sure of the priority order on a Watchguard; presumably this is the problem. Can I check a breakdown of rules in their order somehow on the device (i.e. like ISA or Fortigate)? I take it this Outgoing - Allowed - by Any will take precedence over all other rules?
I am using telnet correctly, as long as full "emulation" happens at the application layer in the eyes of the firewall, as I suspect it would if I checked the logs.
Thanks
Centechs
ASKER
Removed the allow all and replaced it with entries for each required protocol.
thanks!
telnet destination 25 (to connect at port 25)
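The thread turns on two points: a broad "Outgoing Any" allow rule masking the narrower SMTP rule, and verifying the result from a client with telnet against port 25 (not 23). The script below is an added illustration, not code from Experts Exchange, WatchGuard or anyone in the thread. It models a firewall as a simplified first-match policy list (an assumption made here for clarity; it is not a claim about how Fireware actually orders policies), evaluates sample connections against the "before" and "after" rule sets, and audits a rule set for sources that are still allowed to reach TCP/25. All IP addresses and policy names are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

@dataclass
class Policy:
    """One outbound firewall policy (simplified model, assumption)."""
    name: str
    src: str                 # CIDR of allowed sources, or "any"
    dst_port: Optional[int]  # None means any destination port
    action: str              # "allow" or "deny"

def matches(policy: Policy, src_ip: str, dst_port: int) -> bool:
    """True if a connection from src_ip to dst_port hits this policy."""
    if policy.src != "any" and ip_address(src_ip) not in ip_network(policy.src):
        return False
    if policy.dst_port is not None and policy.dst_port != dst_port:
        return False
    return True

def evaluate(policies: List[Policy], src_ip: str, dst_port: int) -> Tuple[str, str]:
    """First-match evaluation; anything unmatched falls to an implicit deny."""
    for policy in policies:
        if matches(policy, src_ip, dst_port):
            return policy.action, policy.name
    return "deny", "implicit-deny"

def smtp_leaks(policies: List[Policy], hosts: List[str]) -> List[str]:
    """Audit helper: which of the given hosts may still open outbound TCP/25?"""
    return [h for h in hosts if evaluate(policies, h, 25)[0] == "allow"]

# Constructed sample network: one Exchange server and one workstation.
EXCHANGE = "192.0.2.10"
CLIENT = "192.0.2.55"
LAN_HOSTS = [EXCHANGE, CLIENT]

# "Before": the broad Any rule sits ahead of the narrowed SMTP rule, so the
# SMTP restriction is never reached for a client connecting to port 25.
BEFORE = [
    Policy("Outgoing-Any", "any", None, "allow"),
    Policy("SMTP-outgoing", EXCHANGE + "/32", 25, "allow"),
]

# "After": the Any rule is gone and each required protocol gets its own entry.
AFTER = [
    Policy("SMTP-outgoing", EXCHANGE + "/32", 25, "allow"),
    Policy("HTTP-outgoing", "any", 80, "allow"),
    Policy("HTTPS-outgoing", "any", 443, "allow"),
    Policy("DNS-outgoing", "any", 53, "allow"),
]

if __name__ == "__main__":
    # The check the asker ran: "telnet <remote mail server> 25" from the client.
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        print(label, "client -> tcp/25:", evaluate(rules, CLIENT, 25))
        print(label, "exchange -> tcp/25:", evaluate(rules, EXCHANGE, 25))
        print(label, "hosts still able to send SMTP:", smtp_leaks(rules, LAN_HOSTS))
```

Under this model the client's telnet to port 25 succeeds only while the Any rule precedes the SMTP rule; once the per-protocol list is in place, `smtp_leaks` reports only the Exchange server, which is the state the asker was trying to reach.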