Not applicable

Blocking port 25

Hi, I am new to Fortigates and have a basic enough question. I wish to block all client PCs from sending traffic on port 25, but want to enable traffic out on port 25 from Exchange Server. Both the server and the clients are INTERNAL. Let me know if you need any further info.

Fortigate 60 - Firmware on device is 2.8

Regards, Paul.
ede_pfau
SuperUser

Hi Paul, firewall policies are matched against traffic in top-down fashion. So if you place a policy allowing SMTP for the server only above the policy for the subnet where SMTP is not mentioned as an allowed service then you'll have what you are looking for. As both policies are outgoing, both need NAT checked.

In case your outgoing policy has 'ANY' as service and you want to keep that, you need a third policy:

1. from server to WAN, service SMTP, allow
2. from subnet to WAN, service SMTP, deny
3. from subnet to WAN, service ANY, allow (this includes traffic from the server)

HTH.
Ede Kernel panic: Aiee, killing interrupt handler!
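
The three-policy order from the reply above, modelled as a first-match evaluator (an added example, not part of the original posts and not FortiOS code). The addresses, policy dictionaries and function names are constructed for illustration; interfaces, destinations and NAT are left out, and traffic that matches no policy is treated as denied.

```python
import ipaddress

# Constructed sample addressing (assumed): Exchange server and client subnet.
EXCHANGE = ipaddress.ip_network("192.168.1.10/32")
SUBNET = ipaddress.ip_network("192.168.1.0/24")

# The three policies from the reply, in the order given (top-down).
POLICIES = [
    {"id": 1, "src": EXCHANGE, "service": "SMTP", "action": "allow"},
    {"id": 2, "src": SUBNET, "service": "SMTP", "action": "deny"},
    {"id": 3, "src": SUBNET, "service": "ANY", "action": "allow"},
]

def evaluate(policies, src_ip, service):
    """Return (policy id, action) of the first policy matching the traffic."""
    addr = ipaddress.ip_address(src_ip)
    for p in policies:
        if addr in p["src"] and p["service"] in ("ANY", service):
            return p["id"], p["action"]
    return None, "deny"  # nothing matched: implicit deny (model assumption)

def shadowed(policies):
    """Return (earlier id, later id) pairs where the later policy can never match."""
    out = []
    for i, later in enumerate(policies):
        for earlier in policies[:i]:
            covers_src = later["src"].subnet_of(earlier["src"])
            covers_svc = earlier["service"] in ("ANY", later["service"])
            if covers_src and covers_svc:
                out.append((earlier["id"], later["id"]))
                break
    return out

if __name__ == "__main__":
    for ip, svc in [("192.168.1.10", "SMTP"), ("192.168.1.50", "SMTP"),
                    ("192.168.1.50", "HTTP"), ("192.168.1.10", "HTTP")]:
        print(ip, svc, evaluate(POLICIES, ip, svc))
    # Mis-ordered variant: the broad allow sits above the SMTP deny.
    wrong = [POLICIES[0], POLICIES[2], POLICIES[1]]
    print("client SMTP, wrong order:", evaluate(wrong, "192.168.1.50", "SMTP"))
    print("shadowed pairs:", shadowed(wrong))
```

The `shadowed` check is a quick audit for a rule base: any pair it reports means a lower policy is fully covered by a higher one and will never take effect.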
Not applicable

How to allow only one specific Exchange mail server to send through Port 25

http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=100109

There is quite a lot of useful information on the KB. It's all about using the right key word. Sometimes it's a cryptic source of solutions.