7021268: IP Addresses to allow mail from

This document (7021268) is provided subject to the disclaimer at the end of this document.

Environment

Secure Messaging Gateway Cloud Service

Situation

Our local Firewall restricts SMTP to certain IP Addresses. What are the IP Addresses that need to be whitelisted on the firewall?

Resolution

Here are the IP addresses that need to be allowed to connect to your Email Server and deliver mail:

34.198.182.115

These IP addresses must be able to connect to your SMTP Gateway to ensure successful Email delivery.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.

Re: FLR fails for vProxy and Data Domain with NAT

Hi All

We are running a trial on Networker and are attempting to do a file level restore from a VM that was backed up to a Data Domain. The Data Domain is on a different network behind firewalls and NAT is used.

From the vProxy logs we see the nfs add from the Data Domain, but it’s using hard-coded IP addresses.

2018/07/06 14:43:59 TRACE: [@(#) Build number: 194] Output of ‘nfs add /data/col1/kdc-nsrvf1/FLR-IRTTENVP01-00e3c487-b721-45d6-9789-83be01dacb44 10.33.160.75 fe80::250:56ff:fe93:2ec0 10.97.167.48 fe80::225:b5ff:fe03:22c (rw,no_root_squash,no_all_squash,secure)’ on host ‘kdc-dd1.bus’:

2018/07/06 14:43:59 TRACE: [@(#) Build number: 194] NFS export for “/data/col1/kdc-nsrvf1/FLR-IRTTENVP01-00e3c487-b721-45d6-9789-83be01dacb44” added.

It then fails to create the datastore I’m assuming because the Data Domain knows nothing about those IPs as they are real addresses – not the NATed ones that would be expected on the Data Domain network side.

2018/07/06 14:43:59 INFO: [@(#) Build number: 194] Removing NFS export at ‘kdc-dd1.bus:/data/col1/kdc-nsrvf1/FLR-IRTTENVP01-00e3c487-b721-45d6-9789-83be01dacb44’

2018/07/06 14:44:01 TRACE: [@(#) Build number: 194] Output of ‘nfs del /data/col1/kdc-nsrvf1/FLR-IRTTENVP01-00e3c487-b721-45d6-9789-83be01dacb44 10.33.160.75 fe80::250:56ff:fe93:2ec0 10.97.167.48 fe80::225:b5ff:fe03:22c’ on host ‘kdc-dd1.bus.unisys.net.nz’:

2018/07/06 14:44:01 TRACE: [@(#) Build number: 194] Deleted 4 NFS clients.

2018/07/06 14:44:01 TRACE: [@(#) Build number: 194] (End of command output)

2018/07/06 14:44:01 INFO: [@(#) Build number: 194] Unmounting after mount failure: Unable to create datastore ‘EMC-FLR-IRTTENVP01-1525389553’ using ‘kdc-dd1.bus:/data/col1/kdc-nsrvf1/FLR-IRTTENVP01-00e3c487-b721-45d6-9789-83be01dacb44’: ServerFaultCode: An error occurred during host configuration.

2018/07/06 14:44:01 TRACE: [@(#) Build number: 194] Entering doUnmount

2018/07/06 14:44:01 TRACE: [@(#) Build number: 194] Connecting to backup device ‘kdc-dd1.bus’

2018/07/06 14:44:02 NOTICE: [@(#) Build number: 194] DD Model = “DD6300”, DDOS Version = “Data Domain OS 6.1.0.21-579789”, DD Boost Version = “3.4.0.4-569771”.

2018/07/06 14:44:02 INFO: [@(#) Build number: 194] Releasing datastore ” ()

2018/07/06 14:44:02 INFO: [@(#) Build number: 194] Removing NFS export at ‘kdc-dd1.bus:/data/col1/kdc-nsrvf1/FLR-IRTTENVP01-00e3c487-b721-45d6-9789-83be01dacb44’

2018/07/06 14:44:03 ERROR: [@(#) Build number: 194] Unable to remove NFS export at ‘kdc-dd1.bus.unisys.net.nz:/data/col1/kdc-nsrvf1/FLR-IRTTENVP01-00e3c487-b721-45d6-9789-83be01dacb44’: Unable to run SSH command, error Unable to get command output of ‘nfs del /data/col1/kdc-nsrvf1/FLR-IRTTENVP01-00e3c487-b721-45d6-9789-83be01dacb44 ‘, error Process exited with: 34. Reason was: ()

We want the vProxy to use the hostnames – not the IPs. Does this suggest the vProxy is not supported for NAT? I can’t find anything in the documentation on this.

Any help would be appreciated.

Thanks

Craig
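The TRACE lines quoted above show the client addresses vProxy handed to `nfs add`. As an added example that is not part of the original post and not NetWorker/vProxy code, the script below parses lines of that shape, pulls out the export host, path, client list and options, and reports which clients fall outside the networks the Data Domain can actually route to (link-local addresses never cross a NAT boundary, and everything else must sit inside a network visible from the Data Domain side). The sample log text reuses the host name, path and addresses from the post but is constructed for the example, and the Data Domain-side network used in the usage (`192.0.2.0/24`) is a placeholder; classification relies on Python's standard `ipaddress` module.

```python
import ipaddress
import re

# Constructed sample in the shape of the vProxy TRACE lines quoted in the post
# (same host name, path and addresses as the post; it is not real telemetry).
SAMPLE_LOG = (
    "2018/07/06 14:43:59 TRACE: [@(#) Build number: 194] Output of 'nfs add "
    "/data/col1/kdc-nsrvf1/FLR-IRTTENVP01-00e3c487-b721-45d6-9789-83be01dacb44 "
    "10.33.160.75 fe80::250:56ff:fe93:2ec0 10.97.167.48 fe80::225:b5ff:fe03:22c "
    "(rw,no_root_squash,no_all_squash,secure)' on host 'kdc-dd1.bus':\n"
    "2018/07/06 14:43:59 TRACE: [@(#) Build number: 194] NFS export for "
    "\"/data/col1/kdc-nsrvf1/FLR-IRTTENVP01-00e3c487-b721-45d6-9789-83be01dacb44\" added.\n"
)

# Forum software turns ' into curly quotes, so accept either form around the command.
Q = "['\u2018\u2019]"
NOT_Q = "[^'\u2018\u2019]+"
NFS_ADD_RE = re.compile(
    rf"Output of {Q}nfs add (?P<path>\S+) (?P<clients>.+?) \((?P<opts>[^)]*)\){Q}"
    rf" on host {Q}(?P<host>{NOT_Q}){Q}"
)


def parse_nfs_exports(log_text):
    """Return one record per 'nfs add' command found in vProxy TRACE output."""
    exports = []
    for line in log_text.splitlines():
        m = NFS_ADD_RE.search(line)
        if m:
            exports.append({
                "host": m.group("host"),
                "path": m.group("path"),
                "clients": m.group("clients").split(),
                "options": m.group("opts").split(","),
            })
    return exports


def classify_clients(clients, dd_side_networks):
    """Split export clients into addresses the Data Domain can route to and
    addresses it cannot: link-local ones never cross a NAT boundary, and the
    rest must fall inside one of the networks visible from the Data Domain."""
    nets = [ipaddress.ip_network(n) for n in dd_side_networks]
    reachable, unreachable = [], []
    for client in clients:
        addr = ipaddress.ip_address(client)
        if addr.is_link_local:
            unreachable.append((client, "link-local address, not routable across NAT"))
        elif any(addr in net for net in nets):  # mixed IPv4/IPv6 compares as False
            reachable.append(client)
        else:
            unreachable.append((client, "outside every network the Data Domain can reach"))
    return reachable, unreachable


def report(log_text, dd_side_networks):
    """Combine parsing and classification; one (host, path, reachable, unreachable) per export."""
    return [
        (e["host"], e["path"], *classify_clients(e["clients"], dd_side_networks))
        for e in parse_nfs_exports(log_text)
    ]


if __name__ == "__main__":
    # Constructed placeholder: the post-NAT range the Data Domain sees the vProxy/ESXi side in.
    DD_SIDE = ["192.0.2.0/24"]
    for host, path, ok, bad in report(SAMPLE_LOG, DD_SIDE):
        print(f"{host}:{path}")
        print("  reachable  :", ok or "none")
        for client, why in bad:
            print(f"  unreachable: {client} ({why})")
```

Run it against a saved vProxy log with the networks the Data Domain can actually reach; any client listed as unreachable is an address the export will never match, because the Data Domain only ever sees the post-NAT source address of the mounting host.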


WSS failover VPN Tunnel for Palo Alto FW

Hi 

Just wondering if anyone has seen issues with setting up the VPN tunnel failover monitoring for WSS on a palo firewall 

we are trying to set it to monitor the sydney data centre IP

peer ip:                103.246.36.164

but the remote endpoint symantec gets no response to the heart beat/keep alives and keeps trying to renegotiate keys when no response is received 

to be clear the palo guide has been followed to the letter – but is light on the details to set the monitoring 

https://portal.threatpulse.com/docs/am/AccessMetho…

it gives the following detail on monitoring 

Assign the Monitor.

  1. Select Monitor.
  2. Select the monitor profile created in Step 6.2.h.
  3. Select Disable this rule if nexthop/monitor IP is unreachable. For more information about this option, see https://live.paloaltonetworks.com/docs/DOC-5952.
  4. Enter the IKE Gateway IP Address (the Symantec datacenter IP).


from the palo log 

   monitor:                on
   monitor status:         down
   monitor dest:           103.246.36.164
   monitor interval:       3 seconds
   monitor threshold:      5 probe losses
   monitor packets sent:   825
   monitor packets recv:   0
   monitor packets seen:   0
   monitor packets reply:  0

the tunnel comes up and runs fine but when monitoring is set no response is received


use SEP 14 to block Network Access for Win10 1703 and older win10

Is there a way to use SEP 14 to block network access on Windows 10 1703 and older Windows 10 versions?

We have some Win10 users who are dragging their feet on upgrading to Win10 1709, so we want to see if we can use SEP14 to implement Firewall Rules or IPS or anything in SEP’s arsenal to automatically block network access if the OS is Windows 10 1703 or an older Win10 version, and automatically unblock when Win10 1709 is installed.


Firewall performance on OS X – Custom rules are ignored

Running SEPC on a number of OS X 10.13.6 machines.

In the documentation we find:
“For OS X devices, there is no difference in the functionality between the More Secure and Only Outbound & Trusted App levels.”

The documentation also mentions that at “Secure” and “More Secure” level:
“Custom rules are processed first followed by the default rules.”

A test using 2 machines using a private network 10.1.15.xxx

10.1.15.200  — We set up a ftp server on port 45000 and a file server on port 8080

10.1.15.4  — Used to access the ftp and file server to see how we can configure the Firewall(s)

10.1.15.200  Firewall Level set to “Secure”:

In this test we were hoping to see a general permissive Firewall on connections from local network with possibility to block certain machines, ports etc.

The result:
Regardless of any other settings, the Firewall accepts ALL connections from the local network to reach ports 45000 and 8080.

– Adding a test rule “BLOCK ALL”, specifying “Block, Inbound & Outbound, Any computer, All communication” –> The Firewall still accepts all connection attempts from the local network.

– Adding an explicit Firewall Rule to Block TCP&UDP on ports 45000 and 8080 on connections from 10.1.15.4 –> The Firewall still accepts all connection attempts from computer 10.1.15.4.

Turning the test around –> 10.1.15.200 Firewall Level set to “More Secure”:

In this test we were hoping to see a more protective Firewall that would block most connections, but being able to add rules to allow certain traffic — remembering the documentation saying “Custom rules are processed first followed by the default rules.”

The result:
Regardless of any other settings, the Firewall blocks all attempts to connect on ports 45000 and 8080.

– Adding a test rule “ALLOW ALL”, specifying “Allow, Inbound & Outbound, Any computer, All communication” –> The Firewall blocks all connection attempts on mentioned ports.

– Adding an explicit Rule to Allow  TCP/UDP on ports 45000 and 8080 connections from 10.1.15.4 –> The Firewall Blocks all connection attempts from computer 10.1.15.4

– On the 10.1.15.200 -> In the SEPC -> Security History -> Connection Blocking -> ‘right-click’ a blocked event and select “Trust address…” -> “Add to Trust Zone”  (Pop-up window saying ‘…will permanently allow the computer to connect…”)  –> The result is still that the Firewall continues to Block all connections from the computer just added to the “Safe Zone”.

Conclusion so far:
No matter how you set the different Rules and/or switches — The Firewall behaviour looks to be determined only by installed programs and the “Firewall Level”, and your custom rules are not used or ignored.

Anyone that has managed to configure the SEPC Firewall for OS X and made custom rules to work?

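One way to make the rule test described in the post repeatable, as an added example that is not part of the original post and not Symantec code: a small TCP probe that classifies each connection attempt as open, refused or filtered, and a checker that compares the results with the outcome the rule set is supposed to produce. The hosts and ports in `EXPECTED` are the ones from the post and are placeholders to replace with your own. The refused/filtered distinction is the useful part when checking a firewall: refused means the packet reached the host and a reject rule or the absence of a listener answered with a reset, while filtered means something dropped it silently before the timeout.

```python
import errno
import socket

# Constructed expectations for the "More Secure" test in the post: with custom allow
# rules for 10.1.15.4, the poster expected 45000 and 8080 on 10.1.15.200 to be open.
# Replace with the hosts, ports and outcomes your own rule set is meant to produce.
EXPECTED = [
    ("10.1.15.200", 45000, "open"),
    ("10.1.15.200", 8080, "open"),
]


def probe(host, port, timeout=2.0):
    """Classify one TCP connect attempt the way a firewall test needs:
    'open'      - handshake completed, so a rule (or no rule) allowed it
    'refused'   - RST came back: the packet reached the host and was rejected,
                  or nothing listens on that port
    'filtered'  - no answer before the timeout: dropped silently in transit or by the host
    Anything else is returned as 'error:<errno name>'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "refused"
    except OSError as e:
        return f"error:{errno.errorcode.get(e.errno, e.errno)}"
    finally:
        s.close()


def check_rules(expected, probe_fn=probe):
    """Probe every (host, port, expected) entry and return the mismatches as
    (host, port, expected, actual); an empty list means the rule set behaves as intended."""
    mismatches = []
    for host, port, want in expected:
        got = probe_fn(host, port)
        if got != want:
            mismatches.append((host, port, want, got))
    return mismatches


if __name__ == "__main__":
    problems = check_rules(EXPECTED)
    if not problems:
        print("all expectations met")
    for host, port, want, got in problems:
        print(f"MISMATCH {host}:{port} expected={want} actual={got}")
```

Run it from the client the rules name (10.1.15.4 in the post) against the protected host; one run per firewall level, with the expected column flipped between "open" and "filtered", shows directly whether a custom rule changed anything or whether only the level did.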

When does port scan detection trigger an active response?

Hello, 

we’re using SEP 14.x with the SEP firewall activated on our W7 systems. Now I’m just wondering why a detected port scan does not trigger an automatic block of the attacker’s IP address. Could anyone tell me when a logged port scan detection triggers an automatic block and when not? My understanding is, if there is a detected port scan then, if it’s enabled, IPS generates an active response, which means blocking the attacker’s IP address for a period of time.

Until August 14th this worked fine; since then no attacker IPs were blocked anymore. Why?

Thanks in advance for useful suggestions 😉 

Matthias.

See attachments 

With block: 2018-08-21 09_55_37-Symantec.png

Without block: 2018-08-21 09_57_04-Symantec.png


SEP clients without internet access constantly generating e-mail notification

Hello.

We have a few computers which are SEP clients and have recently been “disconnected” from internet access on our router firewall. We are using an external LiveUpdate server and the specific LiveUpdate addresses were also configured (allowed) on the firewall. All the virus definitions and client versions are up to date so it works, but after this whole operation we are constantly getting e-mail notifications from SEPM and the reports are saying “Over the last 3 days the reputation check for unconfirmed files was unsuccessful due to network errors” (something like that, I had to translate it) – yes, this information is provided every 3 days for every client without internet access.

Should I add some address/addresses to the firewall list or configure something in SEPM? Is Symantec checking the reputation of some files online in this scenario?

I would be grateful for any kind of help or suggestions.


Firewall off when on LAN?

Hi guys,

What is the argument for leaving on the SEP firewall when you are on your corporate LAN and behind the corporate firewall?

The argument to disable the firewall would be to reduce complexity and any potential issues with some applications, but why would this be a bad idea?

Location awareness is in use when off LAN (i.e can’t connect to management server) to then enable the firewall, so remote users are still protected.

Cheers,
Sam


MAC Client features selection

I would like to create a MAC client package without the firewall but unlike Windows packages I can’t seem to find a way to exclude features for the SEP client.

We have a user who travels frequently and uses multiple VPN clients to connect to multiple development environments, and the SEP client prevents him from accessing some systems.

We found out in the logs some blocked connection to certain remote IPs, I have tried creating exclusions in the firewall policy but there are just too many to create for him.

He would like to use the MAC OSX default firewall and keep the Virus protection.
