Solved

SonicWALL open Port 25 to specific external IPs only

Posted on 2011-02-25
6
2,114 Views
Last Modified: 2012-05-11
Hey everyone.

I am having some trouble configuring the SonicWALL to only accept SMTP traffic from a few external IP addresses. We have Hosted Websense which removes spam for us before sending it along to our server.

I created Address Objects on the SonicWALL with the proper network addresses. I then went to Access Rules on the firewall and enabled these address objects to the WAN interface.

Are these supposed to be pointing to the mail servers internal or external interface? I tried both and neither would work.

Attached 3 pics of the setup config... what have i done wrong?
sonicwall.jpg
sonicwall2.jpg
sonicwall3.jpg
0
Comment
Question by:tamaneri
6 Comments
 
LVL 9

Expert Comment

by:tjdabomb
Comment Utility
do you also have address objects for websense 2, 3, and 4?  Is there a service in the Sonicwall for "SMTP Receive email"??
0
 
LVL 3

Author Comment

by:tamaneri
Comment Utility
I don't see a "SMTP Receive Email" setting.

I see:

SMTP (Anti-Spam Inbound Port)
SMTP (Send E-mail)

I tried it first with Anti-Spam Inbound Port and it wouldn't work either.

I added both SMTP's to the services for my exchange server (see pic), but that opens port 25 to everyone from what I can tell.

Also attached snapshots for the other websense connectors
sonicwall4.jpg
sonicwall5.JPG
sonicwall6.JPG
sonicwall7.JPG
0
 
LVL 9

Expert Comment

by:tjdabomb
Comment Utility
i am not entirely familiar with websense, but, is it possible that you need a pop3 connection to the websense in order to get the email to your local exchange box?  Kinda like your exchange acts like Outlook and needs to pop3 mail inbound from websense.
0
Do email signature updates give you a headache?

Constantly trying to correctly format email signatures? Spending all of your time at every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

 
LVL 33

Accepted Solution

by:
digitap earned 250 total points
Comment Utility
your best bet to get this to work properly is to run the public server wizard.  run it using smtp as your service.  then, create the address objects that represent the public IPs that you want to explicitly allow ingress (if you have not already), create an address group and add those objects to the group. then, go back to the firewall access rule wan > lan and edit the source using the address group.  you'll want to edit the ingress/egress NAT policies with the group as well.  i think original source for ingress and translated destination for egress.
0
 
LVL 6

Assisted Solution

by:caskrist
caskrist earned 250 total points
Comment Utility
Yes digitap is right run the public server wizard, but it is sufficient to only edit the firewall rule (WAN -> LAN) and change the source to your address group e.g. Websense.
(BTW you can create a group of address objects, put all the ip's and/or ranges in one group and use this group as a source(no need for websense1, websense2 etc) )
0
 
LVL 6

Expert Comment

by:caskrist
Comment Utility
Thanks for the points, good luck.
0

Featured Post

Why spend so long doing email signature updates?

Do you spend loads of your time carrying out email signature updates? Not very interesting are they? Don’t let signature updates get you down. Let Exclaimer Cloud - Signatures for Office 365 make managing email signatures a breeze.

Join & Write a Comment

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now