
Configuring Pix with e-mail

Status
Not open for further replies.

jsavely

MIS
Aug 23, 1999
US
We have recently purchased a PIX firewall and would like to see a sample configuration from someone
that has implemented this product.
We are basically a Novell shop and use GroupWise 5.5 for e-mail.
We would like to have the e-mail server on the inside of the firewall.
We also have a lot of Internet e-mail traffic. Would like to know if we should put
our Internet access agent on the outside or maybe allow only SMTP to the IP address
of our internal e-mail server.
If anyone has any suggestions let me know.

 
Do you have an answer yet? I install PIX firewalls for TELCO's and I can definitely help.
 
We did get some info on this.
The plan is to put GW WebAccess on a separate server
outside the PIX, with GroupWise running inside.
Using the PIX Mail Guard option, then open port 25 SMTP
to the GroupWise server.

Any more suggestions would help.
Thanks for taking the time to respond.
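
Added example (not part of the original thread, and not Cisco's code): a small Python check for the plan described in the post above, that is, Mail Guard enabled and inbound access limited to SMTP on the GroupWise server's address. The sample configuration, its placeholder addresses and the function name `audit` are constructed for illustration, and the parser only understands the `host` form of the PIX 4.x `conduit` command.

```python
import re

# Constructed sample in PIX 4.x static/conduit syntax; every address is a placeholder.
SAMPLE_CONFIG = """\
fixup protocol smtp 25
static (inside,outside) 192.0.2.25 10.1.1.25 netmask 255.255.255.255 0 0
conduit permit tcp host 192.0.2.25 eq smtp any
conduit permit tcp host 192.0.2.25 eq 80 any
conduit permit ip host 192.0.2.30 any
"""

# conduit permit <proto> host <global_ip> [eq <port>] <foreign source>
CONDUIT = re.compile(
    r"^conduit permit (?P<proto>\S+) host (?P<dst>\S+)(?: eq (?P<port>\S+))? (?P<src>.+)$"
)


def audit(config, mail_global_ip):
    """Return findings for a config that should expose only SMTP on the mail host."""
    findings = []
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]

    # Mail Guard is the SMTP fixup; without it the PIX passes SMTP uninspected.
    if "fixup protocol smtp 25" not in lines:
        findings.append("Mail Guard off: 'fixup protocol smtp 25' missing")

    smtp_open = False
    for line in lines:
        if not line.startswith("conduit permit"):
            continue
        m = CONDUIT.match(line)
        expected = (
            m is not None
            and m["proto"] == "tcp"
            and m["dst"] == mail_global_ip
            and m["port"] in ("smtp", "25")
        )
        if expected:
            smtp_open = True
        else:
            # Any other inbound permit (or a form this parser cannot read) needs review.
            findings.append("unexpected inbound permit: " + line)

    if not smtp_open:
        findings.append("no SMTP conduit to mail server " + mail_global_ip)
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, "192.0.2.25"):
        print(finding)
```
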

 
You are on the right track. I am also a CNE so if you need an assist on the rebound let me know. I think you have this one nailed.
 
I know this is an old post, but I'd feel a lot safer if all of my boxes were inside the firewall to some degree. If you're really paranoid about someone hacking the Webaccess box, put it on a DMZ leg, but don't put it out in the open as it still has to talk with the GW server, which means it has some authentication going on inside it, and if someone hacks that you're going to be vulnerable. Think about it: Someone hacks the GWIA box and installs a trojan, next thing you know they have all of your remote usernames and passwords (hopefully your users have different GW & NDS passwords). Even if you have a Restricted PIX, you can now add a third ethernet port to it for your DMZ for just the cost of the card.
 
Hi all,
I'm a Netadmin for a small company with a remote office. We are running a mixed NW5.1/4.11/Win2k network with NDS syncing to a remote NW 5.1 box. I'm not familiar with setting up a firewall solution, so I'm behind the learning curve. The IS manager purchased a PIX 515 v4.4 firewall (restricted s/w). The plan was to have a consultant come in and integrate it, but budget freezes kept that from happening. The plan is to create a DMZ, and still allow for our web services (http, ftp, nds sync, iis) to continue to be accessed both inside and out. Anyone have any suggestions on where to begin? As far as setting up the PIX, the documentation is clear enough, but I understand that an unrestricted s/w needs to be obtained. I've tried to contact Cisco, but haven't had any word from them. Any help would be greatly appreciated.
Thx,

Domenick Pellegrini
 