creating smtp firewal with Wingate 6.2.2
Jun 19 08 8:31 am
Hello, I need some help as soon as possible. I am trying to create a firewall in Wingate that blocks all SMTP outbound traffic except for our mail server, and that redirects all inbound SMTP traffic to our mail server. I can't figure out how to block the outbound for the entire LAN while excluding the mail server. How can I do this? Please help. Thanks.
Re: creating smtp firewal with Wingate 6.2.2
Jun 19 08 3:23 pm
This is quite simple. You can leave port 25 open in the firewall like it normally is, and use access policies to control who is allowed access to this port.
1. GateKeeper -> System -> Extended Networking -> Policies
2. Change the default rights to "are ignored
3. Remove any existing policies
4. Click Add to make a new policy.
5. Go to the Advanced tab
6. Select "Specify which requests this recipient has rights for"
7. Click Add Filter
8. Click Add Criterion
9. Select [This criterion is NOT met if] [Server port number] [equals] [25]
10. Click OK
This policy will prevent everyone from accessing port 25. Now you need to grant access to your mail server so it can send mail, and computers on the Internet so you can receive mail.
14. Click Add Filter
15. Click Add Criterion
16. Select [This criterion is NOT met if] [Client IP number] [begins with] [x.x.x.]
17. Click OK
Replace x.x.x. with the beginning of your local IP range. E.g. 10. or 172.16. or 192.168.1.
This will allow access to port 25 for all computers that are NOT on your local network (i.e. computers on the Internet).
18. Click Add Filter
19. Click Add Criterion
20. Select [This criterion is met if] [Client IP number] [equals] [y.y.y.y]
21. Click OK, then OK to finish the policy
Replace y.y.y.y with the IP address of your mail server. This will allow access to port 25 for your mail server.
22. OK out of the Extended Networking properties to finalise the change
Here is an image of what the advanced tab of this policy should look like after following this guide.
1. GateKeeper -> System -> Extended Networking -> Policies
2. Change the default rights to "are ignored
3. Remove any existing policies
4. Click Add to make a new policy.
5. Go to the Advanced tab
6. Select "Specify which requests this recipient has rights for"
7. Click Add Filter
8. Click Add Criterion
9. Select [This criterion is NOT met if] [Server port number] [equals] [25]
10. Click OK
This policy will prevent everyone from accessing port 25. Now you need to grant access to your mail server so it can send mail, and computers on the Internet so you can receive mail.
14. Click Add Filter
15. Click Add Criterion
16. Select [This criterion is NOT met if] [Client IP number] [begins with] [x.x.x.]
17. Click OK
Replace x.x.x. with the beginning of your local IP range. E.g. 10. or 172.16. or 192.168.1.
This will allow access to port 25 for all computers that are NOT on your local network (i.e. computers on the Internet).
18. Click Add Filter
19. Click Add Criterion
20. Select [This criterion is met if] [Client IP number] [equals] [y.y.y.y]
21. Click OK, then OK to finish the policy
Replace y.y.y.y with the IP address of your mail server. This will allow access to port 25 for your mail server.
22. OK out of the Extended Networking properties to finalise the change
Here is an image of what the advanced tab of this policy should look like after following this guide.
- port25policies.GIF (9.44 KiB) Viewed 1580 times