How to configure Firewall to allow HES to connect to LDAP server.
Description
How to configure Firewall to allow HES to connect to LDAP server.
Resolution
In order to get our Hosted Email Security (HES) to work with On-prem Firewall solutions, these are the necessary firewall settings that need to be configured to allow HES to work and block other traffic from using our services. Please also reference SonicWall Hosted Email Security FAQ. As it will show more details regarding HOsted Email Security configurations. Also reference How To Configure LDAP And Enable DHA On HES
Create the following in order of appearance
- Login to firewall.
- Navigate to Network | Services.
- Â Click on Service groups.
- Â Click on Add.
- Â Add LDAP and LDAPS.
- Â Name the file and save it.
Creating Address Objects
- Navigate to Network | Address Objects.
- Click on Add.
- Type in the name and zone is Wan Type is Network.
- Â Enter the following Network address for North America.Â
- Â For EU customers IP is 173.240.221.0/24
Address Objects
- Hosted IP a        173.240.210.0/255.255.255.0
- Hosted IP b        173.240.213.0/255.255.255.0     Â
- Hosted IP c         204.212.170.10
     Â
Add the Address Objects to an Address Group
- Â Click on Network | Address Objects | Address groups.
- Â Click on Add.
- Â Enter the name Hosted IPs
- Â Add the Hosted IP A, Hosted IP B, Hosted IP C to the group.
Nat Policies(for LDAP traffic  )
- Navigate to Network | Nat Policies.
- Â Click on Add.
-  It should look like the screen below. Â
- Any
- Original
- Public IP
- Private IPÂ
- LDAP+S
- Original
Access Rules
- Â Navigate to Firewall | Access Rules.
- Click on WAN to LAN.
- Click Add.
- Â Type in the following access rules shown below.
Allow Rule
- Wan
- Lan
- Hosted IPs
- Public IP
- LDAP+S
- Allow   Â
Deny Rule
- Wan
- Lan
- Any
- Public IP
- LDAP+S
- DenyÂ
TIP:Â Please make sure the Allow Rule has higher priority that Deny Rules.
This should configure the firewall to allow hosted to work.Â