RV042 and Forefront Online For Exchange

gweeks · ‎06-11-2012

I have a SBS 2011 and a RV042 router. I was going to try Forefront Online For Exchange 60 Day Trial to see how it cleaned up spam, virus etc. Well to accomplish this I have to configure the router to only accept email from Forefront's IP addresses about 13 ranges in all. Has anyone tried this and is it even possible with the RV042 router? Thanks!

Te-Kai Liu · ‎06-11-2012

RV042 supports 30 entries of port-range forwarding and 50 entries of access rules.

gweeks · ‎06-13-2012

So would I make an access rule for every IP or IP range? So set up 13 access rules and port forward like normal? If I creat a rule does it then by default block everything else on that port? or does there have to be a "Deny" rule some how? Thanks for your help!

Te-Kai Liu · ‎06-13-2012

Yes, you would need to add 13 Deny rules followed by 13 Allow rules, one for each IP range.

Here is a related discussion thread.

https://supportforums.cisco.com/message/3480287#3480287

gweeks · ‎06-14-2012

Priority	Policy Name	Enable	Action	Service	Source Interface	Source	Destination	Time	Day	Delete
	13A Foref		Allow	SMTP [25]	WAN	206.16.57.70 ~ 206.16.57.70	Any	Always
	13 Foreft		Deny	SMTP [25]	WAN	Any	Any	Always
	12A Foref		Allow	SMTP [25]	WAN	12.129.219.155 ~ 12.129.219.155	Any	Always
	12 Foreft		Deny	SMTP [25]	WAN	Any	Any	Always
	11A Foref		Allow	SMTP [25]	WAN	12.129.199.61 ~ 12.129.199.61	Any	Always
	11 Foreft		Deny	SMTP [25]	WAN	Any	Any	Always

Is this how you would do it? and if so how do you decide priority? Thanks for the help!

Te-Kai Liu · ‎06-14-2012

Priority = 1 has the highest priority.

You only need one Deny rule placed at the bottom of the table as the others are duplicates.

You should have a forwarding rule that forwards SMTP to an internal IP address. The allow rules should have Destination = the internal IP address.

gweeks · ‎06-15-2012

Thank you Tekliu, I thought the Deny rule was duplicated but I misunderstood your earlier post saying I needed 13 Deny rules Ok I do have SMTP traffice forwarded to my 192.168.1.2 address so I cleaned up the table to this. Does this look correct? Also would you turn on packet logging ?

Priority	Policy Name	Enable	Action	Service	Source Interface	Source	Destination	Time	Day	Delete
	13 Foreft		Allow	SMTP [25]	WAN	206.16.57.70 ~ 206.16.57.70	192.168.1.2 ~ 192.168.1.2	Always
	12 Foreft		Allow	SMTP [25]	WAN	12.129.219.155 ~ 12.129.219.155	192.168.1.1 ~ 192.168.1.1	Always
	11 Foreft		Allow	SMTP [25]	WAN	12.129.199.61 ~ 12.129.199.61	192.168.1.2 ~ 192.168.1.2	Always
	10 Foreft		Allow	SMTP [25]	WAN	216.32.181.1 ~ 216.32.181.254	192.168.1.2 ~ 192.168.1.2	Always
	9 Foreft		Allow	SMTP [25]	WAN	216.32.180.1 ~ 216.32.180.254	192.168.1.2 ~ 192.168.1.2	Always
	8 Foreft		Allow	SMTP [25]	WAN	213.199.180.129 ~ 213.199.180.190	192.168.1.2 ~ 192.168.1.2	Always
	7 Foreft		Allow	SMTP [25]	WAN	213.199.154.1 ~ 213.199.154.254	192.168.1.2 ~ 192.168.1.2	Always
	6 Foreft		Allow	SMTP [25]	WAN	207.46.163.1 ~ 207.46.163.254	192.168.1.2 ~ 192.168.1.2	Always
	5 Foreft		Allow	SMTP [25]	WAN	207.46.51.65 ~ 207.46.51.126	192.168.1.2 ~ 192.168.1.2	Always
	4 Foreft		Allow	SMTP [25]	WAN	94.245.120.65 ~ 94.245.120.126	192.168.1.2 ~ 192.168.1.2	Always
	3 Foreft		Allow	SMTP [25]	WAN	65.55.88.1 ~ 65.55.88.254	192.168.1.2 ~ 192.168.1.2	Always
	2 Foreft		Allow	SMTP [25]	WAN	63.241.222.1 ~ 63.241.222.254	192.168.1.2 ~ 192.168.1.2	Always
	1 Forefro		Allow	SMTP [25]	WAN	12.129.20.1 ~ 12.129.20.254	192.168.1.2 ~ 192.168.1.2	Always
	Deny Fore		Deny	SMTP [25]	WAN	Any	Any	Always
			Allow	All Traffic [1]	LAN	Any	Any	Always
			Deny	All Traffic [1]	WAN	Any	Any	Always
			Deny	All Traffic [1]	DMZ	Any	Any	Always

linksysinfo · ‎06-15-2012

Gilbert, You can get rid of the #14 as it will be denied in the 2nd from last Deny WAN-Any-Any

Regards Simon
http://www.linksysinfo.org

Regards Simon