About the IMAP-Proxy
IMAP (Internet Message Access Protocol) is a protocol used by email clients to retrieve and manage email messages on an email server over a TCP connection on port 143. With IMAP, an email client can contact the IMAP server to check for and retrieve email messages. An IMAP email client can retrieve message headers or retrieve an entire message. Because multiple clients can connect and synchronize with the IMAP server, the IMAP email client leaves the message on the server unless the user explicitly deletes it.
The IMAP proxy can inspect encrypted IMAP connections in Fireware OS v12.1 and higher.
With an IMAP proxy you can:
- Configure Gateway AntiVirus, spamBlocker, and APT Blocker to scan message content
- Customize the deny message that is sent to a user when content or attachments are locked or removed from an email sent to that user
- Filter content embedded in email with MIME types
- Strip message headers that match a specified pattern
You can also enable Application Control and IPS in an IMAP proxy or IMAP packet filter policy.
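The header-stripping and MIME-type filtering listed above, sketched in Python as an added example; it is not WatchGuard code and does not show how Fireware implements the proxy. The rule lists, glob-style matching, deny text, and sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from fnmatch import fnmatchcase

# Hypothetical rules; glob matching is this example's assumption.
ALLOWED_TYPES = ["text/*", "image/*", "application/pdf"]
STRIP_HEADERS = ["x-mailer", "x-originating-*"]
DENY_MESSAGE = "[Removed by mail proxy: {name} ({ctype})]"

# Constructed sample message, not real traffic.
SAMPLE = """\
From: alice@example.com
Subject: Invoice
X-Mailer: ExampleMailer 1.0
X-Originating-IP: 192.0.2.10
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

See attached.
--b1
Content-Type: application/x-msdownload
Content-Disposition: attachment; filename="invoice.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAA=
--b1--
"""

def matches(value, patterns):
    return any(fnmatchcase(value.lower(), p) for p in patterns)

def filter_message(raw):
    """Return (filtered message text, list of actions taken)."""
    msg = message_from_string(raw, policy=policy.default)
    actions = []
    for name in dict.fromkeys(msg.keys()):      # header rules
        if matches(name, STRIP_HEADERS):
            del msg[name]
            actions.append(f"strip-header {name}")
    for part in list(msg.walk()):               # content-type rules
        ctype = part.get_content_type()
        if part.is_multipart() or matches(ctype, ALLOWED_TYPES):
            continue
        name = part.get_filename() or "unnamed"
        part.set_content(DENY_MESSAGE.format(name=name, ctype=ctype))
        actions.append(f"strip-part {ctype} {name}")
    return msg.as_string(), actions
```

The returned action list is the kind of record a proxy would write to its log for each message it modifies.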
- Select Firewall > Firewall Policies.
- Click Add Policy.
- For the Select a policy type option, select Proxies.
- From the first drop-down list, select IMAP-Proxy.
- From the second drop-down list, select an IMAP proxy action.
- Click Add Policy.
- Click .
Or, select Edit > Add Policies.
The Add Policies dialog box appears.
- In the Proxies folder, select IMAP-proxy.
- Click Add Policy.
The New Policy Properties dialog box appears.
For more information, see Add a Proxy Policy to Your Configuration.
Which Proxy Action To Use
When you configure a proxy policy, you must select a proxy action appropriate to the policy. For a proxy policy that allows connections from your internal clients to the internet, use the Client proxy action. For a proxy policy that allows connections to your internal servers from the internet, use the Server proxy action.
Predefined proxy actions with Standard appended to the proxy action name include recommended standard settings that reflect the latest Internet network traffic trends.
Configure the IMAP Proxy Policy
In Fireware Web UI, you configure the IMAP proxy settings in these tabs:
On the Settings tab, you can set basic information about a proxy policy, such as whether it allows or denies traffic, create access rules for a policy, or configure policy-based routing, static NAT, or server load balancing. The Settings tab also shows the port and protocol for the policy, as well as an optional description of the policy. You can use the settings on this tab to set logging, notification, automatic blocking, and timeout preferences.
- Specify the access rules for the policy. This includes:
- The disposition for connections the policy applies to. This can be Allowed, Denied, or Denied (send reset).
- The sources and destinations for connections the policy applies to, configured in the From and To lists.
For more information about access rules, see Set Access Rules for a Policy.
- Configure Policy-based routing, if multi-WAN is enabled or if you have configured a virtual BOVPN interface.
For more information, see Configure Policy-Based Routing.
- In the To list, configure static NAT to route connections to a server based on the port.
For more information, see Configure Static NAT.
- In the To list, configure server load balancing for increased scalability.
For more information, see Configure Server Load Balancing.
- Enable Intrusion Prevention Service (IPS). IPS is enabled for all policies by default.
For more information, see Enable or Disable IPS for a Policy.
- Enable time and bandwidth usage quotas.
For more information, see About Quotas.
- If you set the policy disposition to Denied or Denied (send reset), you can select Auto-block sites that attempt to connect to automatically block sites that try to use IMAP.
For more information, see Block Sites Temporarily with Policy Settings.
- You can specify a custom idle timeout, which is the maximum length of time that a connection stays active when no traffic is sent through the connection.
For more information, see Set a Custom Idle Timeout.
- Configure settings for log messages and notifications.
For more information, see Set Logging and Notification Preferences.
- To enable content inspection, select an option from the TLS Support drop-down list.
For more information, see IMAP-Proxy: TLS.
TLS Support for the IMAP-Proxy is available in Fireware OS v12.1 and higher.
If Application Control is enabled on your Firebox, you can set the action this proxy uses for Application Control.
- Select the Application Control tab.
- From the Application Control Action drop-down list, select an application control action to use for this policy, or create a new action.
- (Optional) Edit the Application Control settings for the selected action.
- Click Save.
For more information, see Enable Application Control in a Policy.
If you have enabled Traffic Management, on the Traffic Management tab, you can select the Traffic Management actions for the policy. You can also create new Traffic Management actions. For more information about Traffic Management actions, see Define a Traffic Management Action in v11.9 and Higher and Add Traffic Management Actions to a Policy.
You can choose a predefined proxy action or configure a user-defined proxy action for this proxy. For more information about how to configure proxy actions, see About Proxy Actions.
To configure the proxy action:
- Select the Proxy Action tab.
- From the Proxy Action drop-down list, select the proxy action to use for this policy.
Or, to create a new proxy action, select Clone the current proxy action.
For information about proxy actions, see About Proxy Actions.
- Configure the proxy action settings. For more information, see Configure the IMAP Proxy Action.
- Click Save.
On the Scheduling tab, you can specify an operating schedule for the policy. You can select an existing schedule or create a new schedule.
- Select the Scheduling tab.
- From the Schedule Action drop-down list, select a schedule.
Or, to create a new schedule, select Create New and configure the settings as described in the topics Create Schedules for Firebox Actions and Set an Operating Schedule.
- Click Save.
The Advanced tab includes settings for NAT, QoS, multi-WAN, ICMP, and connection rate options.
To edit or add a comment to this proxy policy configuration, type the comment in the Comment text box.
For more information on the options for this tab, see:
- Apply NAT Rules (Both 1-to-1 NAT and dynamic NAT are enabled by default in all policies.)
- Set the Sticky Connection Duration for a Policy
- Set ICMP Error Handling
- Set Connection Rate Limits
- Enable QoS Marking and Prioritization in a Policy
In Policy Manager, you configure the IMAP proxy settings in these tabs:
To set access rules and other options, select the Policy tab.
- Specify the access rules for the policy. This includes:
- The disposition for connections the policy applies to. This can be Allowed, Denied, or Denied (send reset).
- The sources and destinations for connections the policy applies to, configured in the From and To lists.
For more information about access rules, see Set Access Rules for a Policy.
- In the To list, configure static NAT to route connections to a server based on the port.
For more information, see Configure Static NAT.
- In the To list, configure server load balancing for increased scalability.
For more information, see Configure Server Load Balancing.
- Configure Policy-based routing, if multi-WAN is enabled or if you have configured a virtual BOVPN interface.
For more information, see Configure Policy-Based Routing.
- Select the Proxy action to use for this policy.
- Click to view and edit the proxy action. For more information, see Configure the IMAP Proxy Action.
The Properties tab shows the port and protocol the policy applies to. On the Properties tab, you can configure these options:
- To edit or add a comment to this policy configuration, type the comment in the Comment text box.
- To define the logging settings for the policy, click Logging.
For more information, see Set Logging and Notification Preferences.
- If you selected Denied or Denied (send reset) in the IMAP-proxy connections are drop-down list on the Policy tab, you can select Auto-block sites that attempt to connect to automatically block sites that try to use IMAP.
For more information, see Block Sites Temporarily with Policy Settings.
- You can specify a custom idle timeout, which is the maximum length of time that a connection stays active when no traffic is sent through the connection. For more information, see Set a Custom Idle Timeout.
- To enable content inspection, select an option from the TLS Support drop-down list.
For more information, see IMAP-Proxy: TLS.
TLS Support for the IMAP-Proxy is available in Fireware OS v12.1 and higher.
You can also configure these options in your proxy definition:
- Set an Operating Schedule
- Add Traffic Management Actions to a Policy
- Set ICMP Error Handling
- Apply NAT Rules (Both 1-to-1 NAT and dynamic NAT are enabled by default in all policies.)
- Set Connection Rate Limits
- Enable QoS Marking and Prioritization in a Policy
- Set the Sticky Connection Duration for a Policy, if Multi-WAN is enabled
Configure the IMAP Proxy Action
You can choose a predefined proxy action or configure a user-defined proxy action for this proxy. For the IMAP proxy, you can configure these proxy action settings:
- IMAP-Proxy: General Settings
- IMAP-Proxy: Content Types
- IMAP-Proxy: Filenames
- IMAP-Proxy: Headers
- IMAP-Proxy: AntiVirus
- IMAP-Proxy: spamBlocker
- IMAP-Proxy: Deny Message
- IMAP-Proxy: Proxy and AV Alarms
- IMAP-Proxy: APT Blocker
- IMAP-Proxy: TLS