Solved

Configuring SonicWALL NS 2600 to work with Barracuda BESS

Posted on 2016-11-01
4
67 Views
Last Modified: 2016-11-10
We switched from spam filtering software installed on our internal Exchange server to Barracuda Essentials Advanced Email Security (cloud based) solution. To get everything working the way I want it, I need to make two changes to my SonicWALL NS 2600. Unfortunately, I'm not strong with that device, so I'm hoping for some guidance in setting it up correctly.

Task 1 - Allow Barracuda to do LDAP lookup so spam to non-existent email addresses is automatically blocked.

If I understand this correctly, I need to set up a NAT for this, allowing traffic from Barracuda's IP address(es) to reach my domain controller over LDAP (port 389.) I think I need to set up two Address Objects (public and private) and then use those in a NAT policy. Problem is, I tried this and must have done it wrong. When putting the public IP into the Barracuda Cloud Control console and testing the connection, I got an "unable to connect to (IP)" error.

Task 2 - Block all incoming traffic on port 25 unless it's coming from Barracuda.

I'm getting spam that isn't passing through the Barracuda filters. Barracuda support suggests blocking all email (port 25) unless it's coming from their IP address(es). On the SonicWALL, I'm not even sure where to find or make these settings.
0
Comment
Question by:Eric Jack
  • 2
  • 2
4 Comments
 
LVL 37

Accepted Solution

by:
ArneLovius earned 500 total points
ID: 41870044
For Task1, you have the correct idea, but instead of using 389 for LDAP, you should be using 636 and LDAPS.

LDAPS is to LDAP as HTTPS is to HTTP, and as Active Directory requires an authenticated bind, using LDAP across the Internet would mean that an Active Directory credential would be going over the Internet in plain text...

As well as a NAT rule, you also need to create a WAN to LAN firewall access rule to allow the traffic from the Barracuda IP address to the address that you have used for NAT (use the same address object that you created for NAT)

For task 2, just like Task1, you need to create a firewall rule to restrict the traffic
0
 

Author Comment

by:Eric Jack
ID: 41873035
As well as a NAT rule, you also need to create a WAN to LAN firewall access rule to allow the traffic from the Barracuda IP address to the address that you have used for NAT (use the same address object that you created for NAT)

This might be the part I'm missing. Where do I find this on the SonicWALL GUI?
0
 
LVL 37

Expert Comment

by:ArneLovius
ID: 41873210
Firewall | Access Rules

I usually use the Matrix view, select WAN to LAN

you will need to add a rule with the source being the barracuda ip/netblock and the destination the public address that you used in the NAT rule
0
 

Author Closing Comment

by:Eric Jack
ID: 41882315
Sorry it took so long to close this out. Your advice pointed me in the right direction and after some trial and error, I got the rules set up and working correctly.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Enterprise Password Manager Suites as well as Local Password managers are covered in this article.
As technology users and professionals, we’re always learning. Our universal interest in advancing our knowledge of the trade is unmatched by most industries. It’s a curiosity that makes sense, given the climate of change. Within that, there lies a…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question