I need to enter IP filtering on the MX100 to keep certain IPs from trying to log in to our mail server accounts, causing them to lock out constantly. I do not have the option to only allow designated static IPs access to the mail IMAP server. I also get monthly Excel updates of malware IPs and domains that need to get blocked from/to our firewall. What method(s) will allow this?
This document explains this well:
Have you got an advanced security licence? If so, go:
Security Appliance/Threat Protection/
Intrusion detection and prevention mode=Prevention
Security Appliance/Content Filtering
Add: Bot Nets, Illegal, Malware Sites, Proxy Avoidance and Anonymizers
Doing the above will gain you substantial protection - using dynamic lists rather than something manually configured.
To only allow specific IPs to get to your IMAP service go:
Security Appliance/Firewall/Forwarding rules
Locate your IMAP forwarding rule. Scroll across to the "Allowed remote IPs" columns. Change "Any" to just the list of allowed remote IPs. All others will be blocked.
@gparach So your post got me thinking and I spoke with our Exchange admin as well about it. It does seem that we have no way to block specific IPs on a NAT statement. You can blacklist IPs, however, via Exchange according to our Exchange admin, but he did warn that if it is an attacker, they will just attack from another IP. His recommendation to solve this issue was to change the user's account username for authentication.
This method won't work for users that don't have static IP addresses. I don't want an ALLOW list, I want a DIS-ALLOW list.
Why don't you make a reservation for these users? This way they will have a static IP.
This isn't Exchange email, and changing the user account is temporary at best (until they discover it) and a huge inconvenience to re-distribute the user's change out to all contacts. My upcoming email version has Two Factor Authentication that should alleviate this issue; however, there should still be something built into the Meraki firewall to add IP block lists to reject someone trying to probe you or break in.
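On the deny-list request in this thread: the "Allowed remote IPs" column on a forwarding rule takes an allow list, so one workaround is to generate every range except the blocked ones. The Python below is an added example, not from any poster or from Meraki; the function names and the blocked entries (documentation addresses) are constructed, and it assumes the field accepts CIDR ranges and a list of this length, which should be checked on the appliance.

```python
import ipaddress

def allowed_from_blocklist(blocked, universe="0.0.0.0/0"):
    """Return the CIDR blocks that cover `universe` minus every blocked entry (IPv4)."""
    # Normalise entries (single IPs become /32) and merge overlaps/duplicates.
    blocked_nets = ipaddress.collapse_addresses(
        ipaddress.ip_network(b.strip(), strict=False) for b in blocked if b.strip()
    )
    allowed = [ipaddress.ip_network(universe)]
    for b in blocked_nets:
        remaining = []
        for a in allowed:
            if b.subnet_of(a):
                # Split the allowed block around the blocked range.
                remaining.extend(a.address_exclude(b))
            elif not a.subnet_of(b):
                remaining.append(a)  # untouched by this entry
        allowed = remaining
    return sorted(allowed)

def is_allowed(ip, allowed):
    """True if `ip` falls inside any of the generated allow ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in allowed)

# Constructed sample entries (RFC 5737 documentation ranges),
# as they might be pasted from a spreadsheet column.
SAMPLE_BLOCKED = ["203.0.113.0/24", "198.51.100.7", " 203.0.113.44 "]

if __name__ == "__main__":
    ranges = allowed_from_blocklist(SAMPLE_BLOCKED)
    print(len(ranges), "allowed ranges")
    print(", ".join(str(n) for n in ranges))
```

Each blocked entry can add up to 31 ranges to the output, so a long monthly list produces a very large allow list that has to be regenerated on every update.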