Open tcp port 993 on firewall

acira
Level 1

I currently have two PIX 515 firewalls (v4.4 and v6.2). How do I add a fixup protocol imap4 993 for SSL?

I want to add a conduit from a specific server IP. I can't set up a secure channel without this port being open.

Thanks in Advance.

6 Replies

Patrick Iseli
Level 7

There is no fixup for IMAP!

Fixup protocols are built into the PIX Firewall OS and cannot be added.

See: Command Reference:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094885.shtml

Please change your conduits to access-lists; Cisco no longer supports conduits.

You will need a static for NATing the IP of your mail server and an access-list on the outside interface to permit traffic inbound.

See example:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008015efa9.shtml

http://www.cisco.com/pcgi-bin/Support/browse/psp_view.pl?p=Hardware:PIX&s=Software_Configuration

sincerely

Patrick
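As an added illustration of the static-plus-access-list approach described above (this is not configuration from the thread or from Cisco's documentation; PIX 6.2 syntax is assumed, the access-list name `outside_in` is arbitrary, and all addresses are constructed placeholders), the following publishes an inside mail server on a public address and permits only the one remote server the original poster mentioned to reach it on TCP/993, which keeps the exposed surface to a single source and a single port. The lines beginning with `!` are explanatory and would not be typed.

```cisco
! Added example, not from the thread. Assumed: PIX 6.2, inside mail server
! 192.168.10.25, public address 203.0.113.25, remote peer 198.51.100.7.
!
! 1. Static NAT: map the public address to the inside mail server.
static (inside,outside) 203.0.113.25 192.168.10.25 netmask 255.255.255.255 0 0
!
! 2. Permit only the known remote server to reach the mapped address on 993.
!    The implicit deny at the end of the list drops everything else inbound.
access-list outside_in permit tcp host 198.51.100.7 host 203.0.113.25 eq 993
!
! 3. Apply the list inbound on the outside interface.
access-group outside_in in interface outside
!
! PIX 4.4 has no access-list command; the equivalent there is a conduit
! (assumed syntax), which Cisco recommends migrating away from:
! conduit permit tcp host 203.0.113.25 eq 993 host 198.51.100.7
```

After applying it, `show static` and `show access-list outside_in` confirm the translation and show the hit count on the permit entry once the remote server connects, and `show xlate` shows the active translation. Because there is no IMAP fixup, the PIX only tracks the TCP connection; it does not inspect the IMAPS payload, which is encrypted anyway, so any command-level filtering has to happen on the mail server or a relay as the later replies discuss.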

You are correct, the documentation for v4.4 and v6.2 confirms that the imap4 protocol is not supported.

Besides the default protocols on v4.4 and v6.2, can generic protocols be created with an associated port by submitting some command line entries?

Are you talking about filtering out commands from a specific protocol such as IMAP?

No, that is not possible with a PIX.

You can block this on an IDS or IPS system.

I don't know if there is a way in an IOS Router, maybe with NBAR?

Has someone an idea?

How about a Mail Relay Server?

Do you mean setting up an Exchange Front End server, in front of the firewall, to accept 993 traffic and relay to the mailboxes on the back-end behind the firewall? This sounds like more work than I want. I don't want to disturb the existing infrastructure. Any other suggestions?

No, I do not have another suggestion.

A mail relay server is usually located in the DMZ and relays to the mail server located in the inside LAN.

The same setup can be used to protect against SPAM and Viruses.

e.g. http://www.esafe.com

This is usually used for SMTP, but I imagine there are also products that limit IMAP commands.

http://www.squid-cache.org/ for http and SSL

sincerely

Patrick