Not applicable
Created on 01-27-2011 05:09 AM
Blocking port 25
Hi,
I am new to Fortigates and have a basic enough question.
I wish to block all client PCs from sending traffic on port 25, but want to enable traffic out on port 25 from Exchange Server. Both the server and the clients are INTERNAL.
Let me know if you need any further info.
Fortigate 60 - Firmware on device is 2.8
Regards,
Paul.
Hi Paul,
firewall policies are matched against traffic in top-down fashion. So if you place a policy allowing SMTP for the server only above the policy for the subnet where SMTP is not mentioned as an allowed service then you'll have what you are looking for.
As both policies are outgoing, both need NAT checked.
In case your outgoing policy has 'ANY' as service and you want to keep that, you need a third policy:
1. from server to WAN, service SMTP, allow
2. from subnet to WAN, service SMTP, deny
3. from subnet to WAN, service ANY, allow (this includes traffic from the server)
HTH.
Ede Kernel panic: Aiee, killing interrupt handler!
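The top-down matching described in the reply above, modelled as an added Python example (it is not part of the original post and is not FortiOS configuration). It evaluates the three policies first-match-wins and flags policies that an earlier, broader policy makes unreachable. The addresses, policy names and the implicit deny at the end are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses: the thread gives none.
EXCHANGE = "192.168.1.10/32"   # hypothetical Exchange server
LAN = "192.168.1.0/24"         # hypothetical internal subnet

# (name, source network, service, action); "ANY" matches every service.
POLICIES = [
    ("server-smtp", EXCHANGE, "SMTP", "allow"),   # 1. server to WAN, SMTP, allow
    ("subnet-smtp", LAN, "SMTP", "deny"),         # 2. subnet to WAN, SMTP, deny
    ("subnet-any", LAN, "ANY", "allow"),          # 3. subnet to WAN, ANY, allow
]
# Same policies with the broad ANY rule moved to the top.
MISORDERED = [POLICIES[2], POLICIES[0], POLICIES[1]]


def evaluate(policies, src, service):
    """Return (name, action) of the first policy matching the flow, top-down."""
    for name, net, svc, action in policies:
        if ip_address(src) in ip_network(net) and svc in ("ANY", service):
            return name, action
    return "implicit", "deny"   # assumption: nothing matched means deny


def shadowed(policies):
    """Names of policies that can never match because an earlier one covers them."""
    hidden = []
    for i, (name, net, svc, _) in enumerate(policies):
        for _, e_net, e_svc, _ in policies[:i]:
            covers_src = ip_network(net).subnet_of(ip_network(e_net))
            if covers_src and e_svc in ("ANY", svc):
                hidden.append(name)
                break
    return hidden


if __name__ == "__main__":
    for label, ruleset in (("ordered", POLICIES), ("misordered", MISORDERED)):
        print(label, "client SMTP ->", evaluate(ruleset, "192.168.1.50", "SMTP"))
        print(label, "shadowed    ->", shadowed(ruleset))
```

With the ANY policy on top, the client's SMTP traffic is allowed and both SMTP policies are reported as shadowed, which is the ordering mistake to look for when reviewing a rule base.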
Not applicable
Created on 02-28-2011 08:02 PM
How to allow only one specific Exchange mail server to send through Port 25
http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=100109
There is quite a lot of useful information on the KB. It's all about using the right key word. Sometimes it's a cryptic source of solutions.