Outlook 2003 Connection to Exchange Server

I am having a problem connecting to our exchange server. I use a VPN to tunnel into our server, that is working, I can browse our server with file explorer. However, when I start up Outlook, it won’t (is unable to) connect. I did recieve email from one of my other pop3 accounts so I’m not sure what rules I need to make with the connection to exchange.

Thanks in advance
Kevin

If you right-click the firewall icon and select “Allow All” are you able to get email from the Exchange server?

If not:
Do you have an account in Outlook setup to connect to the Exchange server?

If you do have an account setup:
Check the log file under “Activity > Logs”. See if something is showing as being blocked and post it back here so someone can help you set up the needed rules.

If this is a company email server and you do not have an account setup in Outlook then you would need to talk to your company system administrator and have them set it up for you. I doubt if they would want the name of the server and the details posted publicly.

jasper

Jasper

I created a rule to open up access into our server local network (i.e. the local server address is 192.168.20.1) so I opened up the whole range. I know this is working because I can browse all of the public folders published on our server (i.e. \server\shared files )

I can see a block on the log:
Inbound Policy Violation
IGMP incoming
192.168.20.23
Destination 224.0.0.1
Network control rule 10

Rule 10:
block and log ip in or out from ip[any] to ip ]any] where ipproto is any

My rule (rule 10) to our server is
allow and log tcp or udp in or out from 192.168.1.1 - 192.168.1.255 to iprange 192.168.20.1 to 192.168.20.255 where source port is [any] and destination port is [any]

Interestingly asked to to create a rule alert on rule 10 but it never came up.

Any ideas?

Kevin

Tried turning rule 10 off and restarting comodo but the block still gets logged.

One other thing, outlook does hookup with the firewall off so I know it is working…

Keivn

Ok you are on the right track. I would change Rule 10 to be IN only. That way it will not be the reason something is getting blocked going OUT. It should also be at the very bottom of your rule list.

For the item you listed as being blocked I would write a new rule at the top of the rules list like this:

ALLOW - check checkbox
IP
IN

Source address : 192.168.20.23
Dest. Address: 224.0.0.1
Details : IGMP

I would make a rule for each individual item that is blocked in the log. Once you write a new rule it will take a minute or so for it to become active so give it some time before trying your email again. Put all of the new rules at the top of your rule list to be sure they do not get blocked.

When I am setting up a firewall from scratch I do 3 things:

  1. Set up a Trusted Network
  2. Make a rule: ALLOW ALL OUT TCP/UDP
  3. Make a rule: BLOCK ALL IN IP

If I get something that doesn’t work then I go to the log to see what is getting blocked and make individual rules above the ALL OUT rule for each instance of a port or address being blocked. If something is getting blocked IN then I make a rule right then just for that INBOUND block then go back to the log to see what else is getting blocked and do the same again. It makes it easier for me to keep track of things. Just my personal preference.

Everytime you see something blocked make a rule just for that block. Use the window below the Activity log and it will tell you exactly how to write the rule. If you see something in the log and you are not sure how to write the rule then post it back here and myself or someone else will be glad to help you write the rule.

Don’t change anything else that you already have except the one Block rule that I mentioned. That way you will not mess up any connections that already work (Very important).

jasper

I’m having a hell of time here. Everytime I open something up, another block pops up. I starting to think I am doing something wrong here. I used to use zone alarm and never had any of these issues. This fw seems to be much more low level than others.

One question I have is DNS - I use OpenDNS servers, all of which are configured with y router. I see alot of blocks and they come from a few different ip addresses. Is there a rule to generically open up DNS so that I don’t have to hard code these IP’s? Would DNS be use GRE (I’m just starting to try to figure out all the protocol stuff)?

I think some stickies are in order for setup of the following (which always seem to be difficult with firewalls):
-VPN
-Remote Desktop

  • Email , Email via VPN to Exchange Server

Cheers,
Kevin

Ok, let’s take one thing at a time and get you working.

You should have a rule in the Network Monitor list that looks like this:

ALLOW-check the checkbox
TCP/UDP
OUT

SOURCE IP: ANY
DEST. IP: ANY
SOURCE PORT: ANY
DEST. PORT: ANY

If it is in the list make sure it is at the top. All of the block rules should be at the bottom. Make sure the rule that I wrote above is in your list at the top of your list. We won’t worry about any of the other rules until you get up and running again. Put that rule in your list then post back here and let us know what is happening. I will hang on here to help you get going.

jasper

Kevin,

Something that may help you get your mind around CPF is a little clarification of the way it works (and why it’s different than other firewalls).

The Network Rules control how any communication (in or out) occurs. It can be as general/basic as the rules Jasper posted above, to the complexity of specific IP Protocols on specific Ports, to specific IP addresses. Everything happens in the context of those rules. CPF filters traffic downwards thru the rules (from top to bottom); it stops when it reaches a rule that either allows it or blocks it.

The Application Monitor controls what applications are allowed to communicate, within the context of the Network Rules. If you have CPF set to give you alerts, and an application is not allowed to communicate in the way it is trying to, you will get a popup.

The Component Monitor loads all individual modules of each application when the application is verified. If you want to deny a specific module at that level, you can.

I have one thing to add to Jasper’s 3 steps to set up CPF - I also advise running the Application Wizard, and rebooting following those steps, to clear out CPF’s memory completely.

Running the Network Wizard should create all necessary Network Rules to allow the communication you need. Running the Application Wizard should approve all necessary applications.

I think Jasper has a good grasp on the situation, to provide you with the help you need. I just wanted to add this info, as it may help you to understand CPF a little better. Most firewalls do not have CPF’s level of complexity; they also don’t have its level of security (not just my opinion…) :wink:

https://forums.comodo.com/index.php/topic,4232.0.html

LM

Any suggestions to help get Kevin up and running are welcome Little Mac. My plan was to make sure everything is getting out then checking for his Trusted Network and then working from there. I have used OpenDNS and if your IP changes then you have to get it re-evaluated again from my experience, so having a static IP is best.

It was working fine yesterday so something got changed from yesterday.

Again, thanks for the help.

jasper

My experience has been that once rules start getting changed in an effort to “fix” a problem, things tend to go downhill… :wink: When there’s something on this level of complexity (which it appears you have experience with the problem - Good!) my inclination is to start fresh with the Network Rules.

My steps would be:

Remove all Network Rules.
Add your two rules - the Allow Out, Block In basic rules.
Reboot computer.
Run Network Wizard.
Run Application Wizard.
Make sure alerts and logging are enabled, no alerts for Comodo-certified apps, skip loopback (unless specifically needed), etc.
Reboot computer.

Then see what communication is failing, as you have noted, and create specific rules as needed for that, the VPN, etc.

Just a note: You might be surprised at the difference the reboot makes…

LM

If I were onsite I would uninstall the firewall and start from scratch and do the things you suggested. In fact, uninstalling/reinstalling CPF is probably the best thing. This would clean it all up and allow the apps to start working again. Then we would know what rules are in the list for sure.

jasper

You have a point. I prefer not to go to an uninstall until I think it’s absolutely necessary, simply because I don’t like doing it if it can be repaired. However, it has been noted that if uninstall/reinstall fixes it from the start, you don’t waste extra time trying to repair something that may still not work the way you need it to. However, that ultimately is up to Kevin in this case… :wink:

We use an exchange server here as well, without any problems on sending/receiving mail. I also don’t have any IGMP traffic going on. I log my In & Out traffic, so I can see what’s passing through. It seems that a lot of people have multicasting going on… ???

My only real Network Rules for general traffic are to allow TCP/UDP Outbound and Block all Inward access. Any other rules are icing on the cake, for specific port traffic, etc. CPF’s Default Rules are set, I know, to allow for the average type of communication to occur. Unless you have something like Azureus, UTorrent, P2P, etc, it seems to be covered by running the Network Wizard (if needed for connecting computers for file/drive-sharing, etc).

LM