Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

SonicWALL open Port 25 to specific external IPs only

Posted on 2011-02-25
6
Medium Priority
?
2,210 Views
Last Modified: 2012-05-11
Hey everyone.

I am having some trouble configuring the SonicWALL to only accept SMTP traffic from a few external IP addresses. We have Hosted Websense which removes spam for us before sending it along to our server.

I created Address Objects on the SonicWALL with the proper network addresses. I then went to Access Rules on the firewall and enabled these address objects to the WAN interface.

Are these supposed to be pointing to the mail servers internal or external interface? I tried both and neither would work.

Attached 3 pics of the setup config... what have i done wrong?
sonicwall.jpg
sonicwall2.jpg
sonicwall3.jpg
0
Comment
Question by:tamaneri
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 9

Expert Comment

by:tjdabomb
ID: 34983876
do you also have address objects for websense 2, 3, and 4?  Is there a service in the Sonicwall for "SMTP Receive email"??
0
 
LVL 3

Author Comment

by:tamaneri
ID: 34984128
I don't see a "SMTP Receive Email" setting.

I see:

SMTP (Anti-Spam Inbound Port)
SMTP (Send E-mail)

I tried it first with Anti-Spam Inbound Port and it wouldn't work either.

I added both SMTP's to the services for my exchange server (see pic), but that opens port 25 to everyone from what I can tell.

Also attached snapshots for the other websense connectors
sonicwall4.jpg
sonicwall5.JPG
sonicwall6.JPG
sonicwall7.JPG
0
 
LVL 9

Expert Comment

by:tjdabomb
ID: 34984425
i am not entirely familiar with websense, but, is it possible that you need a pop3 connection to the websense in order to get the email to your local exchange box?  Kinda like your exchange acts like Outlook and needs to pop3 mail inbound from websense.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
LVL 33

Accepted Solution

by:
digitap earned 1000 total points
ID: 34986017
your best bet to get this to work properly is to run the public server wizard.  run it using smtp as your service.  then, create the address objects that represent the public IPs that you want to explicitly allow ingress (if you have not already), create an address group and add those objects to the group. then, go back to the firewall access rule wan > lan and edit the source using the address group.  you'll want to edit the ingress/egress NAT policies with the group as well.  i think original source for ingress and translated destination for egress.
0
 
LVL 6

Assisted Solution

by:Cas Krist
Cas Krist earned 1000 total points
ID: 34987982
Yes digitap is right run the public server wizard, but it is sufficient to only edit the firewall rule (WAN -> LAN) and change the source to your address group e.g. Websense.
(BTW you can create a group of address objects, put all the ip's and/or ranges in one group and use this group as a source(no need for websense1, websense2 etc) )
0
 
LVL 6

Expert Comment

by:Cas Krist
ID: 35031205
Thanks for the points, good luck.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question