locked
blocking outbound port 25 from all workstations and only allow port 25 through the server RRS feed

  • Question

  • i want to block port 25 on al workstations because we are blacklisted. but we have an ISA server as the firewall installed on the same machine as the exchange server. The same server is also acting as the router from the internet to the rest of the network.

    ms echange 2003 

    isa server 2004

    sbs server 2003

    im very new to sbs, exchange server, and have never worked with isa so please dumb it down for me.

    Thursday, June 7, 2012 6:49 PM

Answers

  • You will want to define two policies on your ISA server:

    1) allow access for the exchange server on port 25

    2) deny access to all on port 25

    These two policies, in that order, will allow your Exchange Server to "talk" SMTP while preventing anything else that is routed through the ISA Server to "talk" SMTP.

    Here is a link that applies to ISA 2004 as far as "best practices" are concerned.

    http://technet.microsoft.com/en-us/library/cc302539.aspx

    You might also find this article helpful:

    http://www.techrepublic.com/article/solutionbase-twenty-isa-server-2004-tips-to-fine-tune-your-firewall/5845110

    • Edited by cokeonice Monday, June 11, 2012 6:03 PM added link
    • Proposed as answer by Soh.M Friday, June 15, 2012 3:32 AM
    • Marked as answer by Kevin Remde Wednesday, December 5, 2012 11:47 AM
    Monday, June 11, 2012 5:58 PM

All replies

  • You will want to define two policies on your ISA server:

    1) allow access for the exchange server on port 25

    2) deny access to all on port 25

    These two policies, in that order, will allow your Exchange Server to "talk" SMTP while preventing anything else that is routed through the ISA Server to "talk" SMTP.

    Here is a link that applies to ISA 2004 as far as "best practices" are concerned.

    http://technet.microsoft.com/en-us/library/cc302539.aspx

    You might also find this article helpful:

    http://www.techrepublic.com/article/solutionbase-twenty-isa-server-2004-tips-to-fine-tune-your-firewall/5845110

    • Edited by cokeonice Monday, June 11, 2012 6:03 PM added link
    • Proposed as answer by Soh.M Friday, June 15, 2012 3:32 AM
    • Marked as answer by Kevin Remde Wednesday, December 5, 2012 11:47 AM
    Monday, June 11, 2012 5:58 PM
  • agreee

    Guowen Su
    Cisco Certified Network Associate
    Cisco Certified Internetwork professional - MPLS
    Certified Information Systems Security Professional
    Microsoft Partner Network 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator:Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Certified Ethical Hacker
    Computer Hacking Forensics Investigator
    Certified Sonicwall Security Administrator
    Microsoft Geeks

    Friday, June 15, 2012 3:33 AM