Solved

Configuring SonicWALL NS 2600 to work with Barracuda BESS

Posted on 2016-11-01
4
73 Views
Last Modified: 2016-11-10
We switched from spam filtering software installed on our internal Exchange server to Barracuda Essentials Advanced Email Security (cloud based) solution. To get everything working the way I want it, I need to make two changes to my SonicWALL NS 2600. Unfortunately, I'm not strong with that device, so I'm hoping for some guidance in setting it up correctly.

Task 1 - Allow Barracuda to do LDAP lookup so spam to non-existent email addresses is automatically blocked.

If I understand this correctly, I need to set up a NAT for this, allowing traffic from Barracuda's IP address(es) to reach my domain controller over LDAP (port 389.) I think I need to set up two Address Objects (public and private) and then use those in a NAT policy. Problem is, I tried this and must have done it wrong. When putting the public IP into the Barracuda Cloud Control console and testing the connection, I got an "unable to connect to (IP)" error.

Task 2 - Block all incoming traffic on port 25 unless it's coming from Barracuda.

I'm getting spam that isn't passing through the Barracuda filters. Barracuda support suggests blocking all email (port 25) unless it's coming from their IP address(es). On the SonicWALL, I'm not even sure where to find or make these settings.
0
Comment
Question by:Eric Jack
  • 2
  • 2
4 Comments
 
LVL 37

Accepted Solution

by:
ArneLovius earned 500 total points
ID: 41870044
For Task1, you have the correct idea, but instead of using 389 for LDAP, you should be using 636 and LDAPS.

LDAPS is to LDAP as HTTPS is to HTTP, and as Active Directory requires an authenticated bind, using LDAP across the Internet would mean that an Active Directory credential would be going over the Internet in plain text...

As well as a NAT rule, you also need to create a WAN to LAN firewall access rule to allow the traffic from the Barracuda IP address to the address that you have used for NAT (use the same address object that you created for NAT)

For task 2, just like Task1, you need to create a firewall rule to restrict the traffic
0
 

Author Comment

by:Eric Jack
ID: 41873035
As well as a NAT rule, you also need to create a WAN to LAN firewall access rule to allow the traffic from the Barracuda IP address to the address that you have used for NAT (use the same address object that you created for NAT)

This might be the part I'm missing. Where do I find this on the SonicWALL GUI?
0
 
LVL 37

Expert Comment

by:ArneLovius
ID: 41873210
Firewall | Access Rules

I usually use the Matrix view, select WAN to LAN

you will need to add a rule with the source being the barracuda ip/netblock and the destination the public address that you used in the NAT rule
0
 

Author Closing Comment

by:Eric Jack
ID: 41882315
Sorry it took so long to close this out. Your advice pointed me in the right direction and after some trial and error, I got the rules set up and working correctly.
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question