From the course: Firewall Administration Essential Training

Use ports in aliases

- [Instructor] The alias and the rules we will create will deny unsecured mail services, because I want them blocked by my firewall. And we know that the existing rules will allow what we need to work otherwise.

Let's start in Aliases and click Add. Go to Ports, come over here, click the Add button, and we provide the name of what we will want listed in the Ports area when we're creating a firewall rule. And then we can use a description that includes spaces to be a little bit more descriptive. And then we can select Ports, though we don't have to because it's preselected for us because we started in the Ports area, and then we simply start adding ports. And I'm going to add the ports for unsecured SMTP, POP, and IMAP, which is to say ports 25, 143, and 110. Once I've created each of those three port listings, I'll hit Save, and we'll be done with this alias. Click the Apply Changes button.

To reinforce this skill, let's go to Firewall, Rules, and configure a rule on the LAN side to deny outbound access to unsecured mail services. We know we're already blocking all traffic inbound on the WAN, so creating a rule to explicitly deny that inbound traffic would be redundant. We want to be as efficient as possible with rule creation, so with that one rule and the help of a port group alias, we are done with securing our network for mail.

Click the Add button. For Action choose Reject. Select the local LAN here. Address Family, Protocol will be TCP, and my Destination can be to any unsecured mail services. And then I can come down here, and then a description, and click Save. Click Apply Changes, and you're all set.
