Posts Tagged ‘allow’

Many companies use newsletter services such as Mailchimp to send out internal newsletters. The From address of these mails is usually an internal email address, which means they will be rejected by the anti-spoofing policy.

Option 1

In the Mimecast Administration Panel go to:

Administration -> Gateway -> Policies -> Anti Spoofing SPF based Bypass

  1. Add the following policy. This will only whitelist IPs that appear in your SPF record, so referencing servers.mcsv.net will not work; you will also have to put “ip4:205.201.128.0/20 ip4:198.2.128.0/18 ip4:148.105.0.0/16” in your SPF record. If your SPF record is over 255 characters, try option 2.
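The two caveats in that step (only addresses literally present as ip4 mechanisms count, and a record that grows past 255 characters is a problem) are easy to check before touching the Mimecast policy. The script below is an added example written for this post, not Mimecast or Mailchimp code; the SPF record it parses is constructed for illustration (the 203.0.113.0/24 range is a documentation prefix, the three Mailchimp ranges are the ones quoted above), and it deliberately does not expand include: mechanisms, mirroring a bypass that honours only explicit addresses.

```python
import ipaddress

# Constructed example SPF record for illustration (not any real domain's record):
# explicit ip4 mechanisms for the Mailchimp ranges quoted in the post plus an include.
EXAMPLE_SPF = ("v=spf1 ip4:203.0.113.0/24 ip4:205.201.128.0/20 ip4:198.2.128.0/18 "
               "ip4:148.105.0.0/16 include:servers.mcsv.net -all")

# A single TXT character-string is limited to 255 bytes; longer records must be split.
SPF_STRING_LIMIT = 255


def parse_spf(record):
    """Split an SPF record into (qualifier, mechanism, value) tuples."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        if "=" in term:              # modifiers such as redirect= or exp= are skipped
            continue
        name, _, value = term.partition(":")
        parsed.append((qualifier, name.lower(), value))
    return parsed


def explicit_ip_networks(record):
    """Networks listed as ip4:/ip6: mechanisms only.

    include: mechanisms are intentionally NOT resolved or expanded, so this
    reflects what a policy that only trusts addresses literally in the record sees.
    """
    nets = []
    for qualifier, name, value in parse_spf(record):
        if name in ("ip4", "ip6") and qualifier == "+":
            nets.append(ipaddress.ip_network(value, strict=False))
    return nets


def ip_is_explicitly_listed(record, sender_ip):
    """True if sender_ip falls inside an explicit ip4/ip6 mechanism of the record."""
    addr = ipaddress.ip_address(sender_ip)
    return any(addr in net for net in explicit_ip_networks(record))


def spf_length_ok(record):
    """True if the record fits in one 255-byte TXT character-string."""
    return len(record.encode()) <= SPF_STRING_LIMIT


if __name__ == "__main__":
    for ip in ("205.201.130.5", "198.2.200.1"):
        print(ip, "explicitly listed:", ip_is_explicitly_listed(EXAMPLE_SPF, ip))
    print("record within 255 bytes:", spf_length_ok(EXAMPLE_SPF))
```

Run it against your own record by replacing EXAMPLE_SPF with the TXT value from DNS; an address that only matches through the include will come back False, which is exactly the case where Option 1 fails.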

Option 2

Administration -> Gateway -> Policies -> Anti Spoofing

Add the policy below; you can get the list of IPs Mailchimp uses here.

Find the From address it is spoofing, along with the IP.

The changes below were added.

  • Added TCP 5060 for SIP (as this can sometimes be TCP as well as UDP) for all WANs
  • RTP port range 6200 – 6214 added for inbound for all WANs
  • SIP domains allowed for inbound for all WANs

SIP ALG turn-off – run the commands below if it is required. Best to test the phones after the above changes.

Open the Fortigate CLI from the dashboard and enter the following commands:

  • config system settings
  • set sip-helper disable
  • set sip-nat-trace disable
  • end
  • reboot the device

Re-open the CLI and enter the following commands:

  • config system session-helper
  • show    (locate the SIP entry, usually 12, but it can vary)
  • delete 12    (or the number you identified from the previous command)
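Because the SIP entry number varies between units, it is worth parsing the show output rather than assuming 12. The following is an added example written for this post, not Fortinet code; the sample output is a constructed, abbreviated imitation of what show prints under config system session-helper (the edit / set name / set protocol / set port / next layout is assumed, and a real appliance lists many more entries).

```python
import re

# Constructed, abbreviated sample of "show" output under "config system session-helper".
# The entry numbers and the set are illustrative; a real unit has many more helpers.
SAMPLE_SHOW_OUTPUT = """\
config system session-helper
    edit 1
        set name pptp
        set protocol 6
        set port 1723
    next
    edit 2
        set name h323
        set protocol 6
        set port 1720
    next
    edit 12
        set name sip
        set protocol 17
        set port 5060
    next
    edit 13
        set name dns-udp
        set protocol 17
        set port 53
    next
end
"""


def parse_session_helpers(show_output):
    """Return a list of {id, name, protocol, port} dicts from the show output."""
    helpers = []
    current = None
    for raw in show_output.splitlines():
        line = raw.strip()
        m = re.match(r"edit (\d+)$", line)
        if m:
            current = {"id": int(m.group(1))}
            continue
        m = re.match(r"set (name|protocol|port) (\S+)$", line)
        if m and current is not None:
            key, value = m.groups()
            current[key] = value if key == "name" else int(value)
            continue
        if line == "next" and current is not None:   # entry complete
            helpers.append(current)
            current = None
    return helpers


def find_sip_helper_ids(show_output):
    """IDs of every helper named 'sip'; these are the numbers the delete step needs."""
    return [h["id"] for h in parse_session_helpers(show_output) if h.get("name") == "sip"]


def delete_commands(show_output):
    """Build the CLI lines that remove the SIP helper(s) found in the output."""
    ids = find_sip_helper_ids(show_output)
    return ["config system session-helper"] + [f"delete {i}" for i in ids] + ["end"]


if __name__ == "__main__":
    for entry in parse_session_helpers(SAMPLE_SHOW_OUTPUT):
        print(entry)
    print("\n".join(delete_commands(SAMPLE_SHOW_OUTPUT)))
```

Paste the real show output into SAMPLE_SHOW_OUTPUT (or read it from a file) and the printed delete lines are the ones to enter; if the function returns an empty list, the SIP helper is already gone and the delete step can be skipped.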

Disable RTP processing as follows:

  • config voip profile
  • edit default
  • config sip
  • set rtp disable
  • end
  • end


config system settings
set default-voip-alg-mode kernel-helper-based
end

Important: you need to configure this on all VDOMs.

A reboot is not necessary; clearing the sessions worked for us:

diagnose sys session filter
diagnose sys session filter dport 5060
diagnose sys session clear
diagnose sys session filter dport 2000
diagnose sys session clear

Recently I needed to train a SysAdmin on how to whitelist sites using the GUI. I couldn’t find an online guide (only ones using the CLI), so here it is!

  1. Create a Block and Allow List
  2. Add the URLs you would like to block and allow
  3. Create a new policy to block and allow these
  4. Add this policy as a UTM Policy under Web Filtering Policies
  5. Define this UTM policy in between zones
