none
ISA Rule Stop IP Ranges from Connecting to SBS 2003

    Question

  • Hi all,

    I need to create a deny rule for ISA 2004 / SBS 2003 to stop certain IP ranges from connecting to port 25 on the SBS Exchange.

    Can you help?
    Thanks, Dan

    Friday, September 02, 2011 1:50 PM

All replies

  • This?
     
     

    --
    Merv  Porter   [SBS-MVP]
    ============================
    Friday, September 02, 2011 2:04 PM
    Moderator
  • You could use Connection Filtering available in Exchange Server settings if you'd like.
    Friday, September 02, 2011 5:19 PM
  • Merv,

    From what I've read, this will only work if you are using Exchange defender... I was thinking more towards copying the same rule, place it just above the original, change to DENY and create a Network Domain Set where I would then include the "bad" IPs. This way I would not have those IPs connect to port 25 on the SBS Server.

    I guess I will just keep on looking for a solution. I am surprised I could not set up a rule that does just that... it seems so obvious... but apparently it isn't so...

    Dan

    Monday, September 05, 2011 10:09 PM
  • Dan, it's so simple that if you don't know how I ain't gonna provide step by step.

    Create a network set containing IP's/subnets you wish to ban.

    Stuff banning just SMTP from them (though you could just do that), create a rule that bans any traffic from those IP's.

    It's a wiz for Pete's sake.

    Monday, September 05, 2011 10:27 PM
  • You see, I'm trying to stop connections BEFORE it reaches Exchange...that's why I would THINK ISA 2004 should easily take care of that...

    Dan

    Monday, September 05, 2011 10:37 PM
  • I agree... I feel embarrassed !
    Like I said above, I did that but... for whatever reason it just doesn't want to work... I placed the rule right above the default (allow) one. No joy at all...

    Dan

    Monday, September 05, 2011 10:40 PM
  • Thanks Vibha,

    You see, I'm trying to stop connections BEFORE it reaches Exchange...that's why I would THINK ISA 2004 should easily take care of that...

    Dan

    Monday, September 05, 2011 10:45 PM
  • Thank you SuperGumby,

    I agree... I feel embarrassed !
    Like I said above, I did that but... for whatever reason it just doesn't want to work... I placed the rule right above the default (allow) one. No joy at all...

    Dan

    Monday, September 05, 2011 10:46 PM