I have a 7100 and had an issue with hacking. I blocked individual IPs but then just added a deny any/any ACL. Now I can't get the Vmail to Email to work unless I remove the deny any and make it an allow any... What do I need to do to prevent hacks but allow Vmail to email delivery?
Depends on where your server is located. You should not need a rule to send an email to the email server since we are originating the packet to the SNMP mail server.
Questions:
1. Where is your mail server located? Local on LAN or cloud based on internet?
2. Can you post your firewall config? The access policy and access list section?
-Mark
Paul,
First thing you need to understand is that the ADTRAN firewall is way different in configuration from Cisco. You have configured it like you would a Cisco.
As of right now you have some severe security holes in your configuration. Right now you are allowing all traffic into your network from the public internet. Your BLOCK-TCP ACL is configured all wrong and you need to remove the permit ip any any statement right away from that.
This configuration really needs a call into our support queue to get this resolved. There are major configuration changes that need to be made.
For starters you can look over the following documents:
NV7100 Security Guide:
https://supportforums.adtran.com/docs/DOC-2951
Configuring firewall in AOS:
https://supportforums.adtran.com/docs/DOC-1657
Hope that helps.
You can open a support ticket online here and find the phone number to call:
http://www.adtran.com/web/page/portal/Adtran/wp_sales_contact
-Mark
Paul,
I went ahead and flagged this post as "Assumed Answered". If any of the responses on this thread assisted you, please mark them as Correct or Helpful as the case may be with the applicable buttons. This will make them visible and help other members of the community find solutions more easily. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.
Thanks,
Jay