Antivirus Scanning Server with PIX

- C
- CK
  
  Contact options for registered users
posted
17 years ago

Thu, Nov 16, 2006 7:06 AM

Hi All, I am facing problem with Emails in my network.

Currently Spamming is one area i have to look in to.

I have PIX 506 E as gateway Firewall.And all the local users are sending and downloading emails on remote servers on POP3 and SMTP.

I want each mail downloaded and sended by localuser to be scanned at some point and then leave my pix.

So for this is there any Scanning server required? If yes which one. Sugeest Please

How wil PIX translate all SMTP and POP3 address to that Scanning Server

Loading thread data ...

- W
- Walter Roberson
  
  Contact options for registered users
Vote on answer
posted
17 years ago

Sun, Nov 26, 2006 9:01 PM

You cannot do this with a PIX in any software version up to an including the present 7.2(1). For this, you need on of the ASA series.

I suggest that you establish a POP and IMAP proxy server, and block all outgoing POP or IMAP requests except from that server. If you put the server outside of your PIX then you can do transparent redirection (a bit of nuisance to configure on the server itself though); if you put the server inside of your PIX then everyone's proxy settings will have to be changed. You could possibly get it to work transparently by using an 802.1Q VLAN on your 506E as a DMZ and having things transparently routed to there.

There is a big problem that you have to deal with, which is that a lot of email is reached via http or https these days..

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.