Limit Outbound SMTP with PIX

unionbancorpit
Level 1

I want to restrict outbound SMTP to our email server in the DMZ. We have a PIX 515E between our internal network and an external 2650 router. I want to restrict all machines except the email server from sending outbound SMTP but still allow inbound SMTP to the mail server. Since the PIX only supports inbound ACLs, do I have to configure the ACL on the external router or is there a way the PIX can do this? Thanks.

Accepted Solutions

mostiguy
Level 6

If the SMTP box is on the DMZ int of the 515E, you can write an ACL for the inside int of the 515E that blocks all TCP from any to any eq 25.

This is assuming you are not using SMTP from the client PCs to the DMZ mail server. If you are, start the ACL with a statement that allows SMTP traffic to the SMTP server, and the next statement should be a deny all to SMTP 25.

Finally, if you do not have an existing ACL on the inside int, you probably will need a permit ip any any statement to allow all other traffic to proceed.
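
The three statements described in the answer above, written out as PIX configuration. This is an added example, not configuration posted in the thread; the ACL name `INSIDE_SMTP`, the interface name `inside`, and the mail server address `192.0.2.25` are placeholder assumptions.

```cisco
! Lines beginning with "!" are annotations for the reader, not commands.
! Assumptions (not from the thread): ACL name INSIDE_SMTP, interface
! name "inside", and 192.0.2.25 standing in for the DMZ mail server's
! address as hosts on the inside network reach it.
!
! 1. Let inside clients hand mail to the DMZ mail server.
!    Omit this line if clients never use SMTP to that server.
access-list INSIDE_SMTP permit tcp any host 192.0.2.25 eq smtp
!
! 2. Drop every other TCP/25 connection leaving the inside network.
!    Entries are evaluated top-down and the first match wins, so this
!    line must come after the permit above.
access-list INSIDE_SMTP deny tcp any any eq smtp
!
! 3. An ACL ends with an implicit deny, so all other inside traffic
!    has to be permitted explicitly once an ACL is bound.
access-list INSIDE_SMTP permit ip any any
!
! Bind the ACL to traffic entering the PIX on the inside interface.
access-group INSIDE_SMTP in interface inside
!
! Check the result: the hit count on the deny entry shows how often
! inside hosts attempted direct SMTP and were blocked.
show access-list INSIDE_SMTP
```

Because the ACL is bound only to the inside interface, inbound SMTP to the mail server and the mail server's own outbound SMTP do not pass through it. A deny counter that keeps climbing points to an inside host trying to send mail directly, which is worth tracing to the source.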


2 Replies

Thanks! I put the ACL on the firewall this morning and so far everything is working great. Thanks for the suggestion.