I need to enter IP filtering on the MX100 to keep certain IPs from trying to log in to our mail server accounts, causing them to lock out constantly. I do not have the option to only allow designated static IPs access to the mail IMAP server. I also get monthly Excel updates of malware IPs and domains that need to get blocked from/to our firewall. What method(s) will allow this?
Perhaps in the layer 7 section under Firewall you can deny a specified IP range?
This document explains this well:
This method won't work for users that don't have static IP addresses. I don't want an ALLOW list, I want a DIS-ALLOW list.
@gparach wrote: This method won't work for users that don't have static IP addresses. I don't want an ALLOW list, I want a DIS-ALLOW list.
Why don't you make a reservation for these users? This way they will have a static IP.
Because they are Public IP cell phone users.
Have you got an advanced security licence? If so, go:
Security Appliance/Threat Protection/
AMP Mode=Enabled
Intrusion detection and prevention mode=Prevention
Ruleset=Security
Security Appliance/Content Filtering
Add: Bot Nets, Illegal, Malware Sites, Proxy Avoidance and Anonymizers
Doing the above will gain you substantial protection - using dynamic lists rather than something manually configured.
To only allow specific IPs to get to your IMAP service go:
Security Appliance/Firewall/Forwarding rules
Locate your IMAP forwarding rule. Scroll across to the "Allowed remote IPs" columns. Change "Any" to just the list of allowed remote IPs. All others will be blocked.
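The "Allowed remote IPs" column described above is an allow list, while the original question asks for a deny list. As an added example (not from the thread and not Meraki's own tooling), this Python script turns a block list into the complementary set of allowed CIDR ranges; the CSV column names, the sample addresses, and the assumption that the field takes comma-separated CIDR entries are all hypothetical.

```python
import csv
import io
import ipaddress

# Constructed sample standing in for one month's block list, exported from the
# spreadsheet as CSV. Addresses are documentation ranges, not real indicators.
SAMPLE_CSV = """indicator,type
198.51.100.7,ip
198.51.100.0/25,ip
203.0.113.64/26,ip
malware.example,domain
not-an-ip,ip
"""

def load_blocked(csv_text):
    """Return (collapsed IPv4 networks, rejected values) for rows typed 'ip'."""
    nets, rejected = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["type"].strip().lower() != "ip":
            continue  # domains cannot be expressed in an IP allow list
        try:
            nets.append(ipaddress.IPv4Network(row["indicator"].strip(), strict=False))
        except ValueError:
            rejected.append(row["indicator"])  # surface bad rows, do not drop silently
    # collapse_addresses merges duplicates and ranges nested inside other ranges
    return list(ipaddress.collapse_addresses(nets)), rejected

def complement(blocked, universe=ipaddress.IPv4Network("0.0.0.0/0")):
    """Return the CIDR blocks of `universe` not covered by any blocked network."""
    allowed = [universe]
    for b in blocked:
        remaining = []
        for a in allowed:
            if b.subnet_of(a):
                remaining.extend(a.address_exclude(b))  # split a around b
            elif not a.subnet_of(b):
                remaining.append(a)  # disjoint from b, keep as is
            # else: a lies entirely inside b, so it is dropped
        allowed = remaining
    return sorted(allowed)

if __name__ == "__main__":
    blocked, rejected = load_blocked(SAMPLE_CSV)
    allowed = complement(blocked)
    print("rejected rows:", rejected)
    print(len(allowed), "allowed ranges")
    # Assumption: the field accepts comma-separated CIDR entries.
    print(", ".join(str(n) for n in allowed))
```

Every blocked range splits one allowed range into many, so the resulting list grows quickly; the thread does not say how many entries the field accepts.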
Perhaps in the layer 7 section under Firewall you can deny a specified IP range?
The layer 7 firewall blocks outbound requests, not inbound requests due to NATed ports.
@gparach So your post got me thinking and I spoke with our Exchange admin as well about it. It does seem that we have no way to block specific IPs on a NAT statement. You can blacklist IPs, however, via Exchange according to our Exchange admin, but he did warn that if it is an attacker, they will just attack from another IP. His recommendation to solve this issue was to change the user's account username for authentication.
This isn't Exchange email, and changing the user account is temporary at best (until they discover it) and a huge inconvenience to re-distribute the user's change out to all contacts. My upcoming email version has Two Factor Authentication that should alleviate this issue; however, there should still be something built into the Meraki firewall to add IP block lists to reject someone trying to probe you or break in.