Isa 2006 smtp
billybob01
Member Posts: 504
in Off-Topic
Hi guys, can someone please read through my setup and see if i have missed anything, i am replacing an old 2000 isa server with a new 2006 isa server and all the rules have been created but i need clarification on the SMTP rules, i cant test anything until Saturday!! Last weekend we had no mail going out, but had mail comming in. I have made a DNS rule as well from reading in a book, but i am not sure if it`s needed. Below are the rules.
Publishing Rule:
Action: Allow
Traffic: SMTP Server
From: Anywhere
To: This is the IP Address of our Mail Server
Networks: External (this is the external ip address of our ISA)
Access Rule:
Action: Allow
Traffic: SMTP
From: name of our Mail Server
To: External
DNS Access Rule
Action: Allow
Protocols: DNS
From: Names of our 2 internal DNS Servers
To: Local Host
Any help on this would be great guys.
Publishing Rule:
Action: Allow
Traffic: SMTP Server
From: Anywhere
To: This is the IP Address of our Mail Server
Networks: External (this is the external ip address of our ISA)
Access Rule:
Action: Allow
Traffic: SMTP
From: name of our Mail Server
To: External
DNS Access Rule
Action: Allow
Protocols: DNS
From: Names of our 2 internal DNS Servers
To: Local Host
Any help on this would be great guys.
Comments
-
tenrou Member Posts: 108Hey,
I don't know how you're going to set your traffic and routing up but The ISA rule will only cover incomming SMTP traffic. For this SMTP publishing rule the ISA has to be the public entry point for your SMTP.
When the exchange server sends SMTP it will just send via the default gateway in which case it depends how your ISA server is setup. If it's covering all your perimiter traffic then you'll need SMTP rules. If it's not then it wont even hit the ISA.
I would say the SMTP publishing and the Firewall rules are for 2 different scenarios. A diagram of your layout would help here.
Thanks -
billybob01 Member Posts: 504Thankyou for your reply. I am new to ISA 2006 so i am not sure on what details you need.
Let me know and i will post them back to you, i have made a diagram using ISA but cannot upload it on here! -
billybob01 Member Posts: 504See attached Diagram if this helps. The ISA`s IP Address in the Pic will need to be changed to reflect the ISA we already have in place (it`s an old 2000 firewall). Is there anything else you need? I have copied the route print from the old server to the new server as well.