Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 216
  • Last Modified:

Configuring SonicWALL NS 2600 to work with Barracuda BESS

We switched from spam filtering software installed on our internal Exchange server to Barracuda Essentials Advanced Email Security (cloud based) solution. To get everything working the way I want it, I need to make two changes to my SonicWALL NS 2600. Unfortunately, I'm not strong with that device, so I'm hoping for some guidance in setting it up correctly.

Task 1 - Allow Barracuda to do LDAP lookup so spam to non-existent email addresses is automatically blocked.

If I understand this correctly, I need to set up a NAT for this, allowing traffic from Barracuda's IP address(es) to reach my domain controller over LDAP (port 389.) I think I need to set up two Address Objects (public and private) and then use those in a NAT policy. Problem is, I tried this and must have done it wrong. When putting the public IP into the Barracuda Cloud Control console and testing the connection, I got an "unable to connect to (IP)" error.

Task 2 - Block all incoming traffic on port 25 unless it's coming from Barracuda.

I'm getting spam that isn't passing through the Barracuda filters. Barracuda support suggests blocking all email (port 25) unless it's coming from their IP address(es). On the SonicWALL, I'm not even sure where to find or make these settings.
0
Eric Jack
Asked:
Eric Jack
  • 2
  • 2
1 Solution
 
ArneLoviusCommented:
For Task1, you have the correct idea, but instead of using 389 for LDAP, you should be using 636 and LDAPS.

LDAPS is to LDAP as HTTPS is to HTTP, and as Active Directory requires an authenticated bind, using LDAP across the Internet would mean that an Active Directory credential would be going over the Internet in plain text...

As well as a NAT rule, you also need to create a WAN to LAN firewall access rule to allow the traffic from the Barracuda IP address to the address that you have used for NAT (use the same address object that you created for NAT)

For task 2, just like Task1, you need to create a firewall rule to restrict the traffic
0
 
Eric JackIT ManagerAuthor Commented:
As well as a NAT rule, you also need to create a WAN to LAN firewall access rule to allow the traffic from the Barracuda IP address to the address that you have used for NAT (use the same address object that you created for NAT)

This might be the part I'm missing. Where do I find this on the SonicWALL GUI?
0
 
ArneLoviusCommented:
Firewall | Access Rules

I usually use the Matrix view, select WAN to LAN

you will need to add a rule with the source being the barracuda ip/netblock and the destination the public address that you used in the NAT rule
0
 
Eric JackIT ManagerAuthor Commented:
Sorry it took so long to close this out. Your advice pointed me in the right direction and after some trial and error, I got the rules set up and working correctly.
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now