Probably a dumb question, but I am very inexperienced with how to configure our ASA 5510 - using the ASDM tool seems easier than the old IOS CLI, however.
What I want to do is block all SMTP traffic from leaving our internal network through the firewall, EXCEPT from a few specified servers (mail server, web servers). Here is what I've done:
1) Created a network group with the internal IP addresses of the servers that should be sending email (WEB_EMAIL)
Now, here is what I think I need to do.
2) Set up an inside access rule as follows: Source: WEB_EMAIL, Destination: any, Service: tcp/smtp, Action: permit
3) Set up an inside access rule just below that last one as follows: Source: any, Destination: any, Service: tcp/smtp, Action: deny
Have I got it correct? Or should the destination in both of those rules be the outside IP address? Are there any nasty side effects that I should be aware of?
Thanks
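The same three steps expressed as ASA CLI, as an added example that is not part of the original post. The host addresses are constructed placeholders, and the ACL name INSIDE_IN is an assumption; the original post only names the WEB_EMAIL group:

```cisco
! Step 1: the servers that are allowed to send mail (addresses are placeholders)
object-group network WEB_EMAIL
 network-object host 10.0.0.25
 network-object host 10.0.0.26

! Step 2: permit SMTP from those servers to any destination
access-list INSIDE_IN extended permit tcp object-group WEB_EMAIL any eq smtp

! Step 3: deny SMTP from everything else on the inside.
! "log" records each hit so a workstation suddenly trying port 25 shows up in syslog.
access-list INSIDE_IN extended deny tcp any any eq smtp log

! Applying an ACL to the inside interface replaces the implicit permit that
! higher-security-to-lower-security traffic normally gets, so the rest of the
! outbound traffic must be permitted explicitly or it will all be dropped.
access-list INSIDE_IN extended permit ip any any

access-group INSIDE_IN in interface inside
```

Order matters: the ASA evaluates the list top down and stops at the first match, so the permit for WEB_EMAIL has to sit above the deny. If an inside ACL already exists with a broad permit at the bottom, insert the two SMTP lines above it with `access-list INSIDE_IN line N ...` rather than appending them. The rules above only cover port 25; mail submission over 587 or 465 is not affected unless separate entries are added for those ports.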
You've got it right; the destination on SMTP traffic is going to be the server that it's attempting to send to, which could be anywhere.
Building the rule on the inside interface was the correct thing to do, as it's controlling traffic that's coming into the inside interface from your internal network.
Should be good to go!