I can't figure out why this isn't working as I intended... I am trying to allow LDAPS through the firewall for two outside networks.
I have an address group "SPAM Filter IPs" with two address objects (x.x.x.x/27 and x.x.x.x/22) in it.
I have the following WAN-to-LAN rules (in this priority):
- "SPAM Filter IPs" to "SBS2011 Public IP", Service:LDAPS, Allow
- Source:Any to Destination:Any, Service:LDAPS, Deny
- Source:Any to "SBS2011 Public IP", Service:"SBS2011 Services", Allow
The tricky part here is that "SBS2011 Services" also has LDAPS included in it... If I remove LDAPS from the "SBS2011 Services" group, then the LDAPS connection to the SPAM filtering service doesn't work.
Are my rules correct here? I'm trying to tighten up the firewall rules. According to all the SPAM filter service documentation I can find, those two networks are the only...
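The following is an added example, not the poster's configuration or any firewall vendor's code. It models the three rules above with top-down first-match semantics (which the post implies with "in this priority") and checks two things a practitioner would want to know before trusting the policy: which rule each kind of source actually hits for LDAPS (TCP 636), and which ports of a later rule are "shadowed", i.e. already decided by an earlier rule for every source and destination the later rule could match. The prefixes standing in for x.x.x.x/27 and x.x.x.x/22, the SBS2011 public IP, and the extra members of "SBS2011 Services" are constructed placeholders; the post gives none of them.

```python
import ipaddress
from dataclasses import dataclass

ANY = "Any"

# Address objects. The post gives x.x.x.x/27 and x.x.x.x/22 for the group;
# the concrete prefixes below are constructed placeholders, as is the SBS public IP.
ADDRESS_OBJECTS = {
    "SPAM Filter IPs": [ipaddress.ip_network("198.51.100.0/27"),
                        ipaddress.ip_network("203.0.112.0/22")],
    "SBS2011 Public IP": [ipaddress.ip_network("192.0.2.10/32")],
}

# Service objects as TCP port sets. LDAPS is 636; the other members of
# "SBS2011 Services" are constructed placeholders (the post does not list them).
SERVICES = {
    "LDAPS": {636},
    "SBS2011 Services": {636, 443, 25, 987},
}


@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # address object/group name, or ANY
    dst: str
    svc: str      # service object/group name
    action: str   # "Allow" or "Deny"


# The three WAN->LAN rules from the post, in the stated priority order.
RULES = [
    Rule("1", "SPAM Filter IPs", "SBS2011 Public IP", "LDAPS", "Allow"),
    Rule("2", ANY, ANY, "LDAPS", "Deny"),
    Rule("3", ANY, "SBS2011 Public IP", "SBS2011 Services", "Allow"),
]


def addr_matches(obj, ip):
    """True if the address object/group `obj` contains `ip` (ANY matches all)."""
    return obj == ANY or any(ip in net for net in ADDRESS_OBJECTS[obj])


def evaluate(src_ip, dst_ip, port, rules=RULES, services=SERVICES):
    """Top-down first-match: return (action, rule name) for the first rule that
    matches, or ("Deny", "implicit") if none does (assumed default-deny)."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if addr_matches(r.src, src) and addr_matches(r.dst, dst) and port in services[r.svc]:
            return r.action, r.name
    return "Deny", "implicit"


def addr_covers(outer, inner):
    """True if every address that `inner` can match is also matched by `outer`."""
    if outer == ANY:
        return True
    if inner == ANY:
        return False
    return all(any(n.subnet_of(o) for o in ADDRESS_OBJECTS[outer])
               for n in ADDRESS_OBJECTS[inner])


def shadowed_ports(rules=RULES, services=SERVICES):
    """For each rule, the ports of its service group that an earlier rule already
    decides for every source/destination the later rule could match. Traffic on
    those ports never reaches the later rule, whatever its action."""
    result = {}
    for i, r in enumerate(rules):
        dead = set()
        for port in services[r.svc]:
            if any(port in services[e.svc] and addr_covers(e.src, r.src)
                   and addr_covers(e.dst, r.dst) for e in rules[:i]):
                dead.add(port)
        result[r.name] = dead
    return result


if __name__ == "__main__":
    for src, port in [("198.51.100.5", 636), ("203.0.113.7", 636),
                      ("8.8.8.8", 636), ("8.8.8.8", 443)]:
        print((src, port), "->", evaluate(src, "192.0.2.10", port))
    print("shadowed ports per rule:", shadowed_ports())
```

Under this first-match model a source inside the "SPAM Filter IPs" group is allowed on 636 by rule 1, every other source is denied on 636 by rule 2, and the LDAPS entry in rule 3 is fully shadowed by rule 2, so whether or not 636 is in "SBS2011 Services" makes no difference to the model's answer. If the device behaves differently from this model, that is the thing to confirm first (rule order as committed versus as displayed, whether the address objects resolve to the networks you expect, and whether any NAT policy is evaluated before the access rules).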