General discussion

Locked

Firewall blocking MSN/Hotmail

By doug m. ·
We are using ISA 2004 and a Sonicwall firewall. Now we can no longer access sites like Hotmail or AOL. We get Error code 64-a time-out error basically. Things worked fine before the Sonicwall. We have made rule exceptions for MSN.com and Hotmail.com and Passport etc. to no avail. Does Hotmail need a certain port open?

This conversation is currently closed to new comments.

12 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by BFilmFan In reply to Firewall blocking MSN/Hot ...

You should be able to connect to MSN and Hotmail through Port 80.

Incoming and outgoing mail ports for Internet mail servers are well explained at http://www.emailaddressmanager.com/tips/mail-settings.html.

Check that you aren't stopping traffic on ports 25 (SMTP), 110 (POP3) and 143 (IMAP).

Can you reach the server via a SSH connection on Port 443 with the httpswww.hotmail.com? Note that you will need to verify that certificates are functioning properly if the site offers them.

Collapse -

by BFilmFan In reply to

Also as a totally OFF THE WALL possibility, check this registry setting on the ISA server
HKLM\System\CurrentControlSet\Services\TCPIP\Parameters\EnablePMTUDiscovery to 1 and then rebooting.

ISA changes the registry entry for EnablePMTUDiscovery to 0 on W2K3, for greater hardening of the TCPIP stack. When this is set to zero, it sets ISAs MTU 576 instead of negotiating.

Collapse -

by doug m. In reply to

Poster rated this answer.

Collapse -

by CG IT In reply to Firewall blocking MSN/Hot ...

well one of two thing, either get rid of the sonicwall or get rid of ISA 2004.

You have to forward from the Sonicwall any and all ports you will use to the ISA server external interface. Then you'll have to configure ISA to handle those requests e.g. publish those services in ISA, then create access policy and site/content rules for those services. Further users have to be members of the Internet Users security group AND either be secure NAT or install the firewall client program on client computers.

Collapse -

by doug m. In reply to

Poster rated this answer.

Collapse -

by CG IT In reply to Firewall blocking MSN/Hot ...

well one of two thing, either get rid of the sonicwall or get rid of ISA 2004.

You have to forward from the Sonicwall any and all ports you will use to the ISA server external interface. Then you'll have to configure ISA to handle those requests e.g. publish those services in ISA, then create access policy and site/content rules for those services. Further users have to be members of the Internet Users security group AND either be secure NAT or install the firewall client program on client computers.

Collapse -

by doug m. In reply to

Poster rated this answer.

Collapse -

by cliff680 In reply to Firewall blocking MSN/Hot ...

You need to change the WAN MTU setting on the Sonicwall to 1404.
If you have a TZ 170 or later to do this, click on Network, then click configure on the WAN link, click on the ethernet tab and about half way down change the WAN MTU to 1404.
That should take care of your problem.

Collapse -

by doug m. In reply to

Poster rated this answer.

Collapse -

by doug m. In reply to Firewall blocking MSN/Hot ...

This question was closed by the author

Back to Security Forum
12 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums