Access from the Internet
SMTP
By default SMTP is configured for non relay access from the Internet. External users can connect to FTGate and send to local users but will be unable to send back to the Internet. Thus by default FTGate cannot be used as an open relay by Spammers.
POP3/IMAP/LDAP
In order to allow Internet access to these services, change the service security policy for the service form the Default LAN Security Policy to the Global Security Policy.
WebMail
In order to allow access to WebMail for Internet users there are 3 choices.
-
You can create a new security policy for WebMail with the WAN address range set with only the PA flag. This will allows Internet access to WebMail while restricting access to POP3 and IMAP. This is the recommended option.
-
Change the WebMail security policy to “Global Security Policy”. This will allow all machines on the Internet to access WebMail. However, if you have the global policy set to verify addresses using RBL then each page access will have an RBL test performed on it. This can slow down access.
-
You can change the LAN security policy and check the PA checkbox for the WAN range. This will make ALL your services using this policy (POP3 and IMAP) available to all Internet users. This is not recommended if you wish to protect your POP3 and IMAP services.
WebAmin.
Change the WebAdmin security policy so that the PA flag is set in the WAN range.
Note:
For each of the above remember that for access to the Web Services to be available you will need the PA flag set, the BL flag clear and the HTTP service to be enabled in the security policy.
In order to access any features of FTGate from the Internet you will require open ports in any firewall protecting your network.
See Firewall ports