Cisco Support Community
New Member

Rules on your FW for ESA to work

Hi,
Can someone post here what the rules on your firewall are to make the ESA work as the SMTP gateway for your mail servers? (Lotus Notes, Exchange, Postfix, etc.)

Thank you..

1 REPLY
New Member

Re: Rules on your FW for ESA to work

This is the list of required firewall ports, presuming that the ESA is located in a DMZ and your mail server is inside your firewall.

Internet to DMZ :
Incoming connections to TCP port 25 (Incoming email)

DMZ to internal network :
Incoming connections to TCP port 25 on your email server(s) (Incoming email)
Incoming connections to port 3268 (non-SSL) or 3269 (SSL) on your Active Directory server(s) (LDAP access to AD) OR
Incoming connections to port 3389 (non-SSL) or 636 (SSL) on your LDAP server(s) (LDAP access)

DMZ to Internet :
Outgoing connections to TCP port 25 (Outgoing email)
Outgoing connections to TCP port 80 and 443 (Anti-Spam/Virus/firmware/etc updates)
Outgoing connections to TCP and UDP port 53 (DNS)
Outgoing connections to UDP port 123 (Time synchronization - a local NTP server can also be used)

Internal network to DMZ :
Outgoing connections to TCP port 25 (Outgoing email)
Outgoing connections to TCP port 443 (HTTPS Web GUI)
Outgoing connections to TCP port 22 (SSH CLI)
Outgoing connections to TCP port 80 (HTTP Web GUI) - Optional
Outgoing connections to TCP port 23 (Telnet CLI) - Optional
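
As an added example (not part of the reply above and not Cisco code): a small Python audit that compares an exported ruleset against the port list in the reply and reports required flows that are missing, optional cleartext management ports that are open, and rules broader than the list. The zone names, the one-rule-per-line format and the sample ruleset are constructed; the reply's non-SSL LDAP alternative is left out, so add the port your directory server actually listens on.

```python
# Flows taken from the reply above: (source zone, destination zone, protocol, port).
REQUIRED = {
    ("internet", "dmz", "tcp", 25),                                   # incoming email
    ("dmz", "internal", "tcp", 25),                                   # delivery to mail server
    ("dmz", "internet", "tcp", 25),                                   # outgoing email
    ("dmz", "internet", "tcp", 80), ("dmz", "internet", "tcp", 443),  # updates
    ("dmz", "internet", "tcp", 53), ("dmz", "internet", "udp", 53),   # DNS
    ("dmz", "internet", "udp", 123),                                  # NTP
    ("internal", "dmz", "tcp", 25),                                   # outgoing email relay
    ("internal", "dmz", "tcp", 443), ("internal", "dmz", "tcp", 22),  # HTTPS GUI, SSH CLI
}
# Marked optional in the reply; both are cleartext management protocols.
OPTIONAL = {("internal", "dmz", "tcp", 80), ("internal", "dmz", "tcp", 23)}
# Directory lookups: the reply lists alternatives, so these are allowed but not required.
DIRECTORY = {("dmz", "internal", "tcp", p) for p in (3268, 3269, 636)}

def parse(line):
    """Parse 'src dst proto port' (constructed format); port may be 'any'."""
    src, dst, proto, port = line.split()
    return (src, dst, proto, port if port == "any" else int(port))

def covers(rule, flow):
    """True if an allow rule permits the given flow."""
    return rule[:3] == flow[:3] and rule[3] in ("any", flow[3])

def audit(ruleset_text):
    lines = (l.strip() for l in ruleset_text.splitlines())
    rules = [parse(l) for l in lines if l and not l.startswith("#")]
    allowed = REQUIRED | OPTIONAL | DIRECTORY
    return {
        # Required flows that no rule permits: mail, DNS, NTP or updates will fail.
        "missing": sorted(f for f in REQUIRED if not any(covers(r, f) for r in rules)),
        # Telnet / HTTP management reachable: prefer SSH and HTTPS only.
        "cleartext_mgmt": sorted(f for f in OPTIONAL if any(covers(r, f) for r in rules)),
        # Rules wider than the documented list, including any-port rules.
        "extra": [r for r in rules if r[3] == "any" or r not in allowed],
    }

# Constructed sample ruleset, not taken from a real firewall.
SAMPLE = """\
# src dst proto port
internet dmz tcp 25
dmz internal tcp 25
dmz internal tcp 3269
dmz internet tcp 25
dmz internet tcp 443
dmz internet udp 53
dmz internet udp 123
internal dmz tcp 25
internal dmz tcp 443
internal dmz tcp 23
dmz internal tcp any
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```
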
