Overview


This article explains how to allow a required port or service. To access mail over the Internet, traffic for those services, or ports, must be allowed using a Firewall Rule.


Scenario


Create a Firewall Rule named “LAN to WAN Mail port” for receiving/sending mail. This rule is pushed down to a group of managed appliances.



Solution


All configuration is done from the Web Admin Console using the “Administrator” profile. To create and push down a Firewall Rule, follow the steps given below.


Steps:


  • Navigate to Firewall > Custom Rules. In Custom Rules, click Add.



  • Gather the data, i.e. the source, destination and ports to allow in the firewall.


You can select one of the following actions:


Accept: Allows the connection and permits a packet to traverse through the network.


Drop: Accepts the connection but drops it in case it is a security hazard. Silently discards the packet, preventing it from passing through the network, and sends no response to the user.


Reject: Rejects the connection totally and denies the packet from passing through the network. Sends an ICMP destination-unreachable response back to the source host.



  • Here the connection must be accepted, so select Accept as shown above.
  • Enter and select the Name, Action and Description as required.
  • Select the source and destination, i.e. LAN to WAN, to allow the access in the UTM network.



  • Select Source as LAN as shown above.
  • In Service, click Add to add the required ports, i.e. POP3, SMTP and IMAP, as shown in the image below.
  • Select the destination zone, either for a specific IP or for any.



  • Under the advanced settings, select whether the rule is active or inactive.
  • Select the Enable logs option if you want to log activity for the firewall rule.



Apply NAT


This option is used to translate the source IP address of outgoing traffic from a host. There are two types:


  • Masquerade: Masquerade dynamically translates the IP address. If this option is selected, whatever address is on the outgoing interface is applied to all outgoing packets.
  • SNAT: SNAT applies a static IP address to the outgoing packets. This option requires the IP address of the outgoing interface to be entered.


For normal firewall rules there is no need to edit or change these settings; leave them as they are. Select SNAT only for the SNAT case.


Click Apply to complete the Firewall Rule configuration and enable the rule.


Note: In this way, a mail port or any other required port or service can be allowed in Seqrite UTM.
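
To confirm from a LAN host that the rule behaves as intended, the following added example (not part of the original article and not Seqrite tooling) attempts a TCP connection to each mail service and reports which of the Accept, Drop or Reject behaviours described above the outcome is consistent with. It assumes the POP3, SMTP and IMAP services use their standard ports (110, 25, 143); `mail.example.com` is a placeholder for your own mail server, and the function names are illustrative.

```python
import errno
import socket
import sys

# Assumption: the POP3, SMTP and IMAP services map to the standard ports.
MAIL_PORTS = {"SMTP": 25, "POP3": 110, "IMAP": 143}

# Errors a TCP client sees when an ICMP destination-unreachable comes back.
# ECONNREFUSED is also produced by a TCP reset from a closed port on the
# server itself, so "reject" means "actively refused somewhere on the path".
REJECT_ERRNOS = {errno.ECONNREFUSED, errno.EHOSTUNREACH, errno.ENETUNREACH}


def classify(error):
    """Map a connect() outcome to the rule action it is consistent with."""
    if error is None:
        return "accept"            # handshake completed, packet was permitted
    if isinstance(error, (socket.timeout, TimeoutError)):
        return "drop"              # silently discarded, no response received
    if isinstance(error, OSError) and error.errno in REJECT_ERRNOS:
        return "reject"            # denied with a response to the source host
    return "unknown"               # e.g. DNS failure, unrelated to the rule


def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


def check_mail_rule(host, ports=MAIL_PORTS, timeout=3.0):
    """Probe every mail service and return {service name: outcome}."""
    return {name: probe(host, port, timeout) for name, port in ports.items()}


if __name__ == "__main__":
    # Placeholder target; pass your mail server on the WAN side as argument 1.
    target = sys.argv[1] if len(sys.argv) > 1 else "mail.example.com"
    for service, outcome in check_mail_rule(target).items():
        print(f"{service:5} tcp/{MAIL_PORTS[service]:<4} {outcome}")
```

With the rule active and set to Accept, all three services should report `accept`; if Enable logs was selected, the same attempts should also appear in the firewall log for the rule.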


For assistance, please write to us at UTMSupport@Seqrite.com