Solved

Configuring SonicWALL NS 2600 to work with Barracuda BESS

Posted on 2016-11-01
4
123 Views
Last Modified: 2016-11-10
We switched from spam filtering software installed on our internal Exchange server to Barracuda Essentials Advanced Email Security (cloud based) solution. To get everything working the way I want it, I need to make two changes to my SonicWALL NS 2600. Unfortunately, I'm not strong with that device, so I'm hoping for some guidance in setting it up correctly.

Task 1 - Allow Barracuda to do LDAP lookup so spam to non-existent email addresses is automatically blocked.

If I understand this correctly, I need to set up a NAT for this, allowing traffic from Barracuda's IP address(es) to reach my domain controller over LDAP (port 389.) I think I need to set up two Address Objects (public and private) and then use those in a NAT policy. Problem is, I tried this and must have done it wrong. When putting the public IP into the Barracuda Cloud Control console and testing the connection, I got an "unable to connect to (IP)" error.

Task 2 - Block all incoming traffic on port 25 unless it's coming from Barracuda.

I'm getting spam that isn't passing through the Barracuda filters. Barracuda support suggests blocking all email (port 25) unless it's coming from their IP address(es). On the SonicWALL, I'm not even sure where to find or make these settings.
0
Comment
Question by:Eric Jack
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 37

Accepted Solution

by:
ArneLovius earned 500 total points
ID: 41870044
For Task1, you have the correct idea, but instead of using 389 for LDAP, you should be using 636 and LDAPS.

LDAPS is to LDAP as HTTPS is to HTTP, and as Active Directory requires an authenticated bind, using LDAP across the Internet would mean that an Active Directory credential would be going over the Internet in plain text...

As well as a NAT rule, you also need to create a WAN to LAN firewall access rule to allow the traffic from the Barracuda IP address to the address that you have used for NAT (use the same address object that you created for NAT)

For task 2, just like Task1, you need to create a firewall rule to restrict the traffic
0
 

Author Comment

by:Eric Jack
ID: 41873035
As well as a NAT rule, you also need to create a WAN to LAN firewall access rule to allow the traffic from the Barracuda IP address to the address that you have used for NAT (use the same address object that you created for NAT)

This might be the part I'm missing. Where do I find this on the SonicWALL GUI?
0
 
LVL 37

Expert Comment

by:ArneLovius
ID: 41873210
Firewall | Access Rules

I usually use the Matrix view, select WAN to LAN

you will need to add a rule with the source being the barracuda ip/netblock and the destination the public address that you used in the NAT rule
0
 

Author Closing Comment

by:Eric Jack
ID: 41882315
Sorry it took so long to close this out. Your advice pointed me in the right direction and after some trial and error, I got the rules set up and working correctly.
0

Featured Post

Get Actionable Data from Your Monitoring Solution

Your communication platform is only as good as the relevance of the information you send. Ensure your alerts get to the right people every time with actionable responses. Create escalation rules that ensure everyone follows the process and nothing is left to chance.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Email attacks are the most common methods for initiating ransomware and phishing scams. Attackers want you to open an infected attachment or click a malicious link, and unwittingly download malware to your machine. Here are 7 ways you can stay safe.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question