Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 5 subscribers
  • Views 4532 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM-9 port 25,465,587 are opened on all public IPs, can i close some of them?

Ming Cheung

i have 14 public IP, lets say

14.138.200.81 - 14.138.200.94

i enabled SMTP routing as a email gateway, and forward mails to Exchange server

i just want 200.81 to open 25 for receiving mail, but closed 465 and 587

and all others public IP are also close 25,465,587.....

but added a deny all to public IP with 25,465,587 not work........

can anyone help?

i have case number 8479344, and 4 UTM-9 on hand



This thread was automatically locked due to age.
Parents
  • +1

    You can try to create a DNAT rule where you Blacklist all traffic arriving on ports 465 and 587 and where you do the same for port 25 for the 13 IP's that are not "in use".

    I think that'll work as DNAT is usually one of the first mechanisms being checked on incoming traffic.

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • 0 in reply to apijnappels

    thanks

     

    but there is no block or deny action can be chosen in NAT, unlike firewall rule

    I am using UTM-9

  • +1 in reply to Ming Cheung

    That's correct, but you can change the destination to an address in the 240.0.0.0/4 subnet. That's a reserved for future use subnet and will not go anywhere, see it like some sort of blackhole where you send all traffic that you don't want inside your network.

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • +1 in reply to Ming Cheung

    Hi Ming and welcome to the UTM Community!

    To understand why your firewall rule didn't work, read #2 in Rulz. .  See #3 through #5 for better understanding of specific issues.  Also see Doug Foster's take on some of this: READ ME FIRST: UTM Architecture.

    I think you'll want to allow all three ports on the public IP to which your MX record points.  Port 587 is ESMTP and is used not rarely.  Port 465 is used by older servers to send mail and it's essentially SMTP over an SSL-encrypted tunnel.  Both SMTP (25) and ESMTP can establish an encrypted tunnel after the connection is made.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • +1 in reply to Ming Cheung

    Hi Ming and welcome to the UTM Community!

    To understand why your firewall rule didn't work, read #2 in Rulz. .  See #3 through #5 for better understanding of specific issues.  Also see Doug Foster's take on some of this: READ ME FIRST: UTM Architecture.

    I think you'll want to allow all three ports on the public IP to which your MX record points.  Port 587 is ESMTP and is used not rarely.  Port 465 is used by older servers to send mail and it's essentially SMTP over an SSL-encrypted tunnel.  Both SMTP (25) and ESMTP can establish an encrypted tunnel after the connection is made.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML