6.5.8. SMTP Log Receiver for IDP
Events
the firewall on the WAN interface as illustrated below.
An IDP rule called IDPMailSrvRule will be created, and the Service to use is the SMTP service. Source Interface
and Source Network defines where traffic is coming from, in this example the external network. The Destination
Interface and Destination Network define where traffic is directed to, in this case the mail server. Destination
Network should therefore be set to the object defining the mail server.
Command-Line Interface
Create an IDP Rule:
gw-world:/> add IDPRule Service=smtp SourceInterface=wan
Specify the Rule Action:
gw-world:/> cc IDPRule IDPMailSrvRule
gw-world:/IDPMailSrvRule> add IDPRuleAction Action=Protect
Web Interface
Create an IDP Rule:
This IDP rule is called IDPMailSrvRule, and applies to the SMTP service. Source Interface and Source Network
define where traffic is coming from, in this example, the external network. The Destination Interface and
Destination Network define where traffic is directed to, in this case the mail server. Destination Network should
therefore be set to the object defining the mail server.
1.
Go to IDP > IDP Rules > Add > IDP Rule
2.
Now enter:
•
Name: IDPMailSrvRule
•
Service: smtp
•
Also inspect dropped packets: In case all traffic matching this rule should be scanned (this also means
traffic that the main rule set would drop), the Protect against insertion/evasion attacks checkbox
should be checked, which is the case in this example.
•
Source Interface: wan
•
Source Network: wannet
•
Destination Interface: dmz
SourceNetwork=wannet
DestinationInterface=dmz
DestinationNetwork=ip_mailserver
Name=IDPMailSrvRule
IDPServity=All Signatures=IPS_MAIL_SMTP
287
Chapter 6. Security Mechanisms