Configuring SonicWALL NS 2600 to work with Barracuda BESS

Posted on 2016-11-01
Medium Priority
Last Modified: 2016-11-10
We switched from spam filtering software installed on our internal Exchange server to Barracuda Essentials Advanced Email Security (cloud based) solution. To get everything working the way I want it, I need to make two changes to my SonicWALL NS 2600. Unfortunately, I'm not strong with that device, so I'm hoping for some guidance in setting it up correctly.

Task 1 - Allow Barracuda to do LDAP lookup so spam to non-existent email addresses is automatically blocked.

If I understand this correctly, I need to set up a NAT for this, allowing traffic from Barracuda's IP address(es) to reach my domain controller over LDAP (port 389.) I think I need to set up two Address Objects (public and private) and then use those in a NAT policy. Problem is, I tried this and must have done it wrong. When putting the public IP into the Barracuda Cloud Control console and testing the connection, I got an "unable to connect to (IP)" error.

Task 2 - Block all incoming traffic on port 25 unless it's coming from Barracuda.

I'm getting spam that isn't passing through the Barracuda filters. Barracuda support suggests blocking all email (port 25) unless it's coming from their IP address(es). On the SonicWALL, I'm not even sure where to find or make these settings.
Question by:Eric Jack
  • 2
  • 2
LVL 37

Accepted Solution

ArneLovius earned 2000 total points
ID: 41870044
For Task1, you have the correct idea, but instead of using 389 for LDAP, you should be using 636 and LDAPS.

LDAPS is to LDAP as HTTPS is to HTTP, and as Active Directory requires an authenticated bind, using LDAP across the Internet would mean that an Active Directory credential would be going over the Internet in plain text...

As well as a NAT rule, you also need to create a WAN to LAN firewall access rule to allow the traffic from the Barracuda IP address to the address that you have used for NAT (use the same address object that you created for NAT)

For task 2, just like Task1, you need to create a firewall rule to restrict the traffic

Author Comment

by:Eric Jack
ID: 41873035
As well as a NAT rule, you also need to create a WAN to LAN firewall access rule to allow the traffic from the Barracuda IP address to the address that you have used for NAT (use the same address object that you created for NAT)

This might be the part I'm missing. Where do I find this on the SonicWALL GUI?
LVL 37

Expert Comment

ID: 41873210
Firewall | Access Rules

I usually use the Matrix view, select WAN to LAN

you will need to add a rule with the source being the barracuda ip/netblock and the destination the public address that you used in the NAT rule

Author Closing Comment

by:Eric Jack
ID: 41882315
Sorry it took so long to close this out. Your advice pointed me in the right direction and after some trial and error, I got the rules set up and working correctly.

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

This article explains how to move an Exchange 2013/2016 mailbox database and logs to a different drive.
You do not need to be a security expert to make the RIGHT security. You just need some 3D guidance, to help lay out an action plan to secure your business operations. It does not happen overnight. You just need to start now and do the first thin…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question