+ Post New Thread
Results 1 to 13 of 13
Internet Related/Filtering/Firewall Thread, asa5505 Firewall in Technical; Good Morning Everyone, We are having a new financial system installed in the next 10 days they require port 25 ...
  1. #1
    staningrimsby's Avatar
    Join Date
    Jan 2013
    Location
    Grimsby
    Posts
    143
    Thank Post
    5
    Thanked 4 Times in 4 Posts
    Rep Power
    4

    asa5505 Firewall

    Good Morning Everyone,

    We are having a new financial system installed in the next 10 days
    they require port 25 opening on the firewall for an SMTP relay
    to the web portal.

    I have never had to do anything to the firewall since its been in
    so does anyone have any web sites or advice on opening the port up
    via the Firewalls ASDM ???

    Cheers
    Stan.

  2. #2

    twin--turbo's Avatar
    Join Date
    Jun 2012
    Location
    Carlisle
    Posts
    2,334
    Thank Post
    1
    Thanked 381 Times in 340 Posts
    Rep Power
    151
    questions...

    In which direction? (from inside to an outside host, or outside to inside)?

    If the latter do you have a static IP? you will need to configure firewall and NAT

    If the former then you may need to do nothing.

    Do you have the login for the ASA.

    Do you have an on site SMTP server for your incomming mail?

    Are you sure the requirement relates to the internet firewall and not on the server itself.

    TT

  3. #3
    staningrimsby's Avatar
    Join Date
    Jan 2013
    Location
    Grimsby
    Posts
    143
    Thank Post
    5
    Thanked 4 Times in 4 Posts
    Rep Power
    4
    Thanks for the reply, at the moment I don't have all the info but am led to beleive
    that it will be from outside to inside as the portal runs via IIS,

    The clients are assigned DHCP and do not have statics at the moment but obviously the server does
    have a static IP, I do have a login for the ASA and we are not runing an SMTP Server it will simply
    be a school email running an SMTP relay.

  4. #4

    twin--turbo's Avatar
    Join Date
    Jun 2012
    Location
    Carlisle
    Posts
    2,334
    Thank Post
    1
    Thanked 381 Times in 340 Posts
    Rep Power
    151
    Quote Originally Posted by staningrimsby View Post
    Thanks for the reply, at the moment I don't have all the info but am led to beleive
    that it will be from outside to inside as the portal runs via IIS,

    The clients are assigned DHCP and do not have statics at the moment but obviously the server does
    have a static IP, I do have a login for the ASA and we are not runing an SMTP Server it will simply
    be a school email running an SMTP relay.
    What exactly have you been asked?

    For an external service to connect to you, your internet service will need a static IP.

    It would be unusual for a 3rd part to ask for port 25 to be port forwarded Out->In as it's highly likly to conflict with regular mail services.

    It's more likely they need you to have port 25 un-firewalled on the server for the finance system, or they need the finance system to be able to contact an external server on port 25.

    Rob

  5. #5
    staningrimsby's Avatar
    Join Date
    Jan 2013
    Location
    Grimsby
    Posts
    143
    Thank Post
    5
    Thanked 4 Times in 4 Posts
    Rep Power
    4
    Hi Rob,

    I havn't een told a lot at the moment to be honest, I was given a list of server firewall ports that need looking at such as
    port 80, 777, and a couple of others then I was told by the SBM that they had been in touch and port 25 would need to be open
    on the external firewall for SMTP relay.

    As we currently use google apps for education for our email system I was told another account outside this domain would have to be created to facilitate the SMTP relay.

  6. #6

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,447
    Thank Post
    1,537
    Thanked 1,069 Times in 934 Posts
    Rep Power
    305
    What finance system is it as on here most will be in use and someone can advise what they have done instead :-)

  7. #7

    twin--turbo's Avatar
    Join Date
    Jun 2012
    Location
    Carlisle
    Posts
    2,334
    Thank Post
    1
    Thanked 381 Times in 340 Posts
    Rep Power
    151
    If they have not asked for port 25 on the server , then they can't be expecting to make an inbound connection ( unless they have also asked for a nat from XYZ port on the external IP to port 25 on your server.

    I suspect they are specifying that the server needs to be able to contact their external SMTP server.

    Assuming that's the case then your either in luck and your server can connect to external SMTP already.

    try this from the command line

    telnet mx4.hotmail.com

    if the server responds then your HOT


    if not it's ASA time, and a screenshot of the firewall rules page will be a big help as each situation is different, however there should be a section named INSIDE (may have been renamed) which is where rules from the standard inside interface go. You would place a rule in there with the source as the server , service as smtp destination their server.

    There's a "Packet Trace Tester" on one of the menus that's also useful for testing and identifying where blocking is occurring.

    Rob

  8. #8
    hit
    hit is offline
    hit's Avatar
    Join Date
    Mar 2008
    Location
    London
    Posts
    326
    Thank Post
    49
    Thanked 50 Times in 48 Posts
    Rep Power
    51
    Quote Originally Posted by twin--turbo View Post
    telnet mx4.hotmail.com
    Shouldn't that be telnet mx4.hotmail.com:25

  9. #9

    Join Date
    Oct 2010
    Location
    Norfolk
    Posts
    120
    Thank Post
    1
    Thanked 20 Times in 19 Posts
    Rep Power
    12
    Hi, it sounds like you are having PS Financials installed. They need the relay to send the order confirmations etc through / to your accounts. I think it sends from a @psf.com account, I also think you can just sent up a standard email account and input the username/password/server address for it to use.

  10. #10
    staningrimsby's Avatar
    Join Date
    Jan 2013
    Location
    Grimsby
    Posts
    143
    Thank Post
    5
    Thanked 4 Times in 4 Posts
    Rep Power
    4
    Hi Guys,

    Thank yu for all the help it is PS Financials thats being installed, and I will take a screen shot of the rules page when I get to work on Monday.

    Will also give telnet mx4.hotmail.com:25 a go as well thanks and see what the response is.

    Regards
    Stan.

  11. #11

    Join Date
    Jan 2009
    Location
    England
    Posts
    1,406
    Thank Post
    307
    Thanked 307 Times in 265 Posts
    Rep Power
    83
    We have PSF relay via our internal exchange server. No need to setup port 25 access on the external firewall unless you don't run internal servers? In which case you'll need the server to relay via your external user and may need to setup a specific email user/account for PSF.

  12. #12

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    78
    Seems like you're not using Exch at all. You need to find out what the requirement is, and where the system will be installed, intrnally on your LAN or is is external. And where they want to relay to.

  13. #13
    staningrimsby's Avatar
    Join Date
    Jan 2013
    Location
    Grimsby
    Posts
    143
    Thank Post
    5
    Thanked 4 Times in 4 Posts
    Rep Power
    4
    HI Guys,

    Thank you for the replys, no we are not using any form of Exchange and we have been requested to setup specific email as Soulfish says,
    I am going to try and ring Saj at Wanstor today to see if I can get a bit more info.

    Regards
    Stan.



SHARE:
+ Post New Thread

Similar Threads

  1. CISCO ASA5505 Firewall (port forwarding)
    By phughes in forum Internet Related/Filtering/Firewall
    Replies: 6
    Last Post: 2nd November 2010, 12:16 PM
  2. Barracuda Spam Firewall
    By Norphy in forum Wireless Networks
    Replies: 4
    Last Post: 24th February 2006, 03:48 PM
  3. Replies: 10
    Last Post: 1st February 2006, 02:02 PM
  4. Windows Firewall
    By GrumbleDook in forum Windows
    Replies: 16
    Last Post: 31st August 2005, 01:54 PM
  5. Replies: 0
    Last Post: 26th August 2005, 02:29 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •