Re: Exchange behind WatchGuard Firewall

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: todd (fatheree21_at_NOcomcastSPAM.net)
Date: 05/07/04 

Date: Fri, 7 May 2004 00:22:54 -0500

I don't believe either of those articles address the poster's problem. The
first article deals with sending SMTP out through the firewall. The second
deals with sending and receiving email through a PIX. The poster is talking
about accessing an Exchange server sitting in a DMZ from a workstation on
the LAN with Outlook. I don't believe SMTP will really be involved. IMHO,
you definitely don't want to be removing the SMTP Proxy service on the
Watchguard (especially for incoming mail). Doing so forfeits the ability of
the firewall to filter attachments on the basis of their extension, filter
emails with spoofed From: headers, etc. Of course this can be filtered
later downstream by other products, but I'm into layers of security. For
further reference, it *is* a good idea on the Watchguard Firebox to _not_
send outgoing SMTP traffic through a SMTP-Proxy service, but to use an
SMTP-Filter service instead. The SMTP-Filter service has no application
layer functionality, so it won't mess with outgoing mail.

Todd

"Robert Lampkin [MSFT]" <rlampkin@online.microsoft.com> wrote in message
news:r6pCn$7MEHA.308@cpmsftngxa10.phx.gbl...
> Watchguard firwalls usually come with a SMTP Proxy service running on
them.
> This can filter out the verbs needed for remote users to authenticate.
> Contact Watchguard and have the remove ANY SMTP Proxy that may be running
> on this firewall. Look at
> http://support.microsoft.com/support/kb/articles/q305/0/07.asp and
> http://support.microsoft.com/support/kb/articles/q320/0/27.asp
>
>
> Robert Lampkin, MCSE: Messaging
> Microsoft Exchange Support
> ************
> Please reply directly to the thread with any updates. You may receive this
> email notification before you are able to view my reply in the newsgroup.
> Please do not send email directly to this alias. This alias is for
> newsgroup purposes only.
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> --------------------
> | Thread-Topic: Exchange behind WatchGuard Firewall
> | thread-index: AcQyQgXHUJjdXOirRhSKU69Va0zgQQ==
> | X-WN-Post: microsoft.public.exchange2000.connectivity
> | From: =?Utf-8?B?WW9ua2V5?= <anonymous@discussions.microsoft.com>
> | Subject: Exchange behind WatchGuard Firewall
> | Date: Tue, 4 May 2004 18:41:02 -0700
> | Lines: 3
> | Message-ID: <EEF8FAC4-7271-4C86-BDA0-7CF13AA33F4E@microsoft.com>
> | MIME-Version: 1.0
> | Content-Type: text/plain;
> | charset="Utf-8"
> | Content-Transfer-Encoding: 7bit
> | X-Newsreader: Microsoft CDO for Windows 2000
> | Content-Class: urn:content-classes:message
> | Importance: normal
> | Priority: normal
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> | Newsgroups: microsoft.public.exchange2000.connectivity
> | Path: cpmsftngxa10.phx.gbl
> | Xref: cpmsftngxa10.phx.gbl
> microsoft.public.exchange2000.connectivity:17642
> | NNTP-Posting-Host: tk2msftcmty1.phx.gbl 10.40.1.180
> | X-Tomcat-NG: microsoft.public.exchange2000.connectivity
> |
> | Hi,
>
> anyone here using WatchGuard Firewall and having exchange server protected
> by this firewall ? I have a problem on the client authentication passing
> this firewall. Most of the ports that need to be open to make the
> connection from client on the private network accessing the exchange in
DMZ
> are opened. But things just cant fully work. When I'm configuring the
> Outlook XP client, I am succesfully check the names and looks like i'm be
> able to use the exchange server but when I try to open " User - Mailbox "
> the folder just cant be open. I'm wondering if any people out there can
> give suggestion. Thanks
> |
>

Relevant Pages

  • Re: Exchange behind WatchGuard Firewall
    ... If the server is in a DMZ there is definately a firewall involved. ... Proxy services usually only transmit standard SMTP and not extended SMTP ... | Subject: Re: Exchange behind WatchGuard Firewall ...
    (microsoft.public.exchange2000.connectivity)
  • Symantec Enterprise Firewall (SEF) SMTP proxy inconsistencies
    ... Symantec Enterprise Firewall (SEF) SMTP proxy inconsistencies ...
    (Bugtraq)
  • Re: Eingehnde Mails (in Exchange)werde nach Migr. nicht korrekt zu
    ... Router/Firewall, ok, aber welche Firewall benutzt du? ... Die im Router integrierte oder ne zusätzlich vorgeschaltete? ... Haste von extern auch ne feste IP, dass du die intern hast war mir eigentlich schon klar, sonst dürfte die die Einrichtung des SBS schwer gefallen sein. ... Schon mal versucht via Telnet auf Port 25 (SMTP) ne Mail an deinen ...
    (microsoft.public.de.german.backoffice.smallbiz)
  • Re: Diff b/w cheap and expensive firewalls
    ... > You need to separate the idea that a router with NAT is a firewall from ... > what a real firewall is/does. ... > SMTP server. ...
    (comp.security.firewalls)
  • Re: Ipchains and smtp rule
    ... Subject: Ipchains and smtp rule ... > I had the same problem with my iptables firewall, ... > found ICMP-embedded TCP packets of type 3 which always where dropped. ... > I solved the problem by accepting related & established ICMP connections ...
    (Focus-Linux)