Restrict SMTP to list of allowed IPs

holyera Member
MS Exchange 2007 services under one VIP, on AX 3200-12's in one-arm mode. I want to restrict the SMTP service to allow only a predefined list of client IP addresses or networks to go through. This would match the allow list on the Exchange Server configuration. The reason for this is that, since the AX's are in one-arm mode using source NAT, in order to allow SMTP from the AX's I have to add their IPs to the allow list in Exchange, thereby making my SMTP service wide open! Not good.
Can I do this with an aFleX script?
Thanks
Tony

Comments

  • mischa Member
    edited May 2014
    You have a couple of options in this case. Either use ACLs, PBSLB, or indeed aFleX, with or without a class-list.
  • holyera Member
    edited May 2014
    Thanks Mischa. Finally got around to testing... adding ACLs on the VIP on port 25 worked like a charm. Wasn't sure of the file format for PBSLB, or the exact coding for aFleX, so ACLs was the easier method.
    Tony
  • bgis Member
    edited March 2016
    I got Thunder 3030S. I am in the same boat with Exchange 2013, adding ACLs on the VIP port 25. Currently I have around 200 servers/devices relaying via Exchange.

    Is there a limitation on how many servers/devices I can add to the ACL? I created an extended ACL.

    Thank you