This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Block Traffic for Userportal, Webadmin, SMTP to specific Sophos additional address

pleibling over 1 year ago

Hello,

Sophos Services (Webadmin, Userportal, SMTP and so on) are on every Sophos IP address.

But i need to disable or block every of thiis Services to spacific additional address.

I try to create a Firewallrule and a NAT Sinkhole, but booth doesn't work.

How can i reach this goal?

E.g. my external address is 1.2.3.4 and an additional address is 1.2.3.5, i want to reach Webadmin, Userportal and SMTP Protection on 1.2.3.4, but not on 1.2.3.5

Sophos UTM virtual Appliance with 9.711-5 Firmware.

Thanks for your help.

This thread was automatically locked due to age.

Parents

BAlfson over 1 year ago

Hallo and welcome to the UTM Community!

See #2 in Rulz (last updated 2021-02-16) to understand why the solution is a DNAT like the following:

DNAT : Internet IPv4 -> {WebAdmin, SMTP, Userportal port} -> {1.2.3.5} : to {240.0.0.1}

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
Michael Brandau over 1 year ago in reply to BAlfson

Hi,

i tried DNAT : Internet IPv4 -> {SMTP} -> {additional IP address on interface} : to {240.0.0.1} and guess what, it is not working. Still an open SMTP and still handling mail traffic.
Cancel
Vote Up 0 Vote Down

Cancel
BAlfson over 1 year ago in reply to Michael Brandau

Hmm. Please insert a picture of the Edit of your DNAT. Also show us something that indicates that SMTP traffic came in on the additional address instead of the primary IP.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
Michael Brandau over 1 year ago in reply to BAlfson

This is the Sender:

This is the DNAT:

and this is the log:
Cancel
Vote Up 0 Vote Down

Cancel

Reply

Michael Brandau over 1 year ago in reply to BAlfson

This is the Sender:

This is the DNAT:

and this is the log:
Cancel
Vote Up 0 Vote Down

Cancel

Children

BAlfson over 1 year ago in reply to Michael Brandau

Ah, an internal device. There are several ways that might succeed, Michael. One would be that the user was authenticated as the log indicates.

Another would be that the test device is using something other than SMTP, so try using the "Email Messaging" Service Group instead of "SMTP" in the DNAT.

A better test would be to use an external test like https://mxtoolbox.com/diagnostic.aspx.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
Michael Brandau over 1 year ago in reply to BAlfson

thx for the troubble i caused

I took another physical interface, excluded it from SMTP (meaning: i did not put it in the allowed interfaces list) and moved the additionel IP addresse to the new interface. This may not be an option for everybody, but it worked for me pretty well.
Cancel
Vote Up 0 Vote Down

Cancel