About the IMAP-Proxy
IMAP (Internet Message Access Protocol) is a protocol used by email clients to retrieve and manage email messages on an email server over a TCP connection on port 143 or 993. With IMAP, an email client can contact the IMAP server to check for and retrieve email messages. An IMAP email client can retrieve message headers or retrieve an entire message. Because multiple clients can connect and synchronize with the IMAP server, the IMAP email client leaves the message on the server unless the user explicitly deletes it.
The IMAP-proxy can support IMAPS connections on port 993 in Fireware v12.1 and higher.
With an IMAP proxy you can:
- Configure Gateway AntiVirus, spamBlocker, and APT Blocker to scan message content
- Customize the deny message that is sent to a user when content or attachments are locked or removed from an email sent to that user
- Filter content embedded in email with MIME types
- Strip message headers that match a specified pattern
You can also enable Application Control and IPS in an IMAP-proxy or IMAP packet filter policy.
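The following added example illustrates three of the operations listed above (header stripping by pattern, MIME content-type filtering, and a deny message in place of removed content) using Python's standard `email` library. It is an illustration only, not Fireware code or WatchGuard's implementation; the sample message, the rule patterns, and the deny text are constructed assumptions.

```python
import fnmatch
from email import message_from_string, policy

# Constructed sample message (not from the original page).
RAW = """\
From: alice@example.com
To: bob@example.com
Subject: Quarterly report
X-Mailer: ExampleMailer 1.0
X-Internal-Route: mx1.corp.example
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: application/x-msdownload
Content-Disposition: attachment; filename="report.exe"
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQgc2FtcGxl
--b1--
"""

# Hypothetical rule sets (glob patterns); these are not Fireware defaults.
STRIP_HEADERS = ["x-internal-*", "x-mailer"]
DENY_TYPES = ["application/x-msdownload", "application/x-dosexec"]
DENY_TEXT = "[Attachment {name} ({ctype}) was removed by the mail gateway.]\n"

def filter_message(raw):
    """Return (filtered message, stripped header names, removed attachments)."""
    msg = message_from_string(raw, policy=policy.default)
    stripped = [h for h in msg.keys()
                if any(fnmatch.fnmatchcase(h.lower(), p) for p in STRIP_HEADERS)]
    for h in stripped:
        del msg[h]  # removes every occurrence of that header
    removed = []
    for part in msg.walk():
        ctype = part.get_content_type()
        if part.is_multipart() or not any(
                fnmatch.fnmatchcase(ctype, p) for p in DENY_TYPES):
            continue
        name = part.get_filename() or "(unnamed)"
        removed.append((name, ctype))
        # set_content() clears the old body and Content-* headers first.
        part.set_content(DENY_TEXT.format(name=name, ctype=ctype))
    return msg, stripped, removed
```

The function matches on the declared Content-Type only; the sender controls that value.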
- Select Firewall > Firewall Policies.
- Click Add Policy.
- For the Select a policy type option, select Proxies.
- From the first drop-down list, select IMAP-Proxy.
- From the second drop-down list, select an IMAP proxy action.
- Click Add Policy.
- Click .
Or, select Edit > Add Policies.
The Add Policies dialog box appears.
- In the Proxies folder, select IMAP-proxy.
- Click Add Policy.
The New Policy Properties dialog box appears.
For more information, go to Add a Proxy Policy to Your Configuration.
Which Proxy Action To Use
When you configure a proxy policy, you must select a proxy action appropriate to the policy. For a proxy policy that allows connections from your internal clients to the internet, use the Client proxy action. For a proxy policy that allows connections to your internal servers from the internet, use the Server proxy action.
Predefined proxy actions with Standard appended to the proxy action name include recommended standard settings that reflect the latest Internet network traffic trends.
Configure the IMAP-Proxy Policy
In Fireware Web UI, you configure the IMAP-proxy settings in these tabs:
On the Settings tab, you can set basic information about a proxy policy, such as whether it allows or denies traffic, create access rules for the policy, or configure static NAT or server load balancing. The Settings tab also shows the port and protocol for the policy, and an optional description of the policy. You can use the settings on this tab to set logging, notification, automatic blocking, and timeout preferences.
- Specify the access rules for the policy. This includes:
- The disposition for connections the policy applies to. This can be Allowed, Denied, or Denied (send reset).
- The sources and destinations for connections the policy applies to, configured in the From and To lists.
For more information about access rules, go to Set Access Rules for a Policy.
- In the To list, configure static NAT to route connections to a server based on the port.
For more information, go to Configure Static NAT (SNAT).
- In the To list, configure server load balancing for increased scalability.
For more information, go to Configure Server Load Balancing.
- Enable Intrusion Prevention Service (IPS). IPS is enabled for all policies by default.
For more information, go to Enable or Disable IPS for a Policy.
- Enable time and bandwidth usage quotas.
For more information, go to About Quotas.
- If you set the policy disposition to Denied or Denied (send reset), you can select Auto-block sites that attempt to connect to automatically block sites that try to use IMAP.
For more information, go to Block Sites Temporarily with Policy Settings.
- You can specify a custom idle timeout, which is the maximum length of time that a connection stays active when no traffic is sent through the connection.
For more information, go to Set a Custom Idle Timeout.
- Configure settings for log messages and notifications.
For more information, go to Set Logging and Notification Preferences.
- To configure the TLS settings used for content inspection, select an option from the TLS Support drop-down list.
For more information, go to IMAP-Proxy: TLS.
TLS Support for the IMAP-proxy is available in Fireware v12.1 and higher.
On the SD-WAN tab, you can select to apply an SD-WAN action to the policy. You can also add a new SD-WAN action. For more information about SD-WAN routing, go to About SD-WAN.
SD-WAN replaces policy-based routing in Fireware v12.3 or higher.
If Application Control is enabled on your Firebox, you can set the action this proxy uses for Application Control.
- Select the Application Control tab.
- From the Application Control Action drop-down list, select an application control action to use for this policy, or create a new action.
- (Optional) Edit the Application Control settings for the selected action.
- Click Save.
For more information, go to Enable Application Control in a Policy.
If Geolocation is enabled on your Firebox, on the Geolocation tab, you can select the Geolocation action for this proxy. You can also add a new Geolocation action. For more information about Geolocation, go to Configure Geolocation.
To apply a Geolocation action in a policy:
- Select the Geolocation tab.
- From the Geolocation Control Action drop-down list, select a Geolocation action.
Or, to create a new Geolocation action, click Add.
- Click Save.
The Geolocation tab is available in Fireware 12.3 or higher.
If you have enabled Traffic Management, on the Traffic Management tab, you can select the Traffic Management actions for the policy. You can also create new Traffic Management actions. For more information about Traffic Management actions, go to Define a Traffic Management Action and Add Traffic Management Actions to a Policy.
You can choose a predefined proxy action or configure a user-defined proxy action for this proxy. For more information about how to configure proxy actions, go to About Proxy Actions.
To configure the proxy action:
- Select the Proxy Action tab.
- From the Proxy Action drop-down list, select the proxy action to use for this policy.
Or, to create a new proxy action, select Clone the current proxy action.
For information about proxy actions, go to About Proxy Actions.
- Configure the proxy action settings. For more information, go to Configure the IMAP-Proxy Action.
- Click Save.
On the Scheduling tab, you can specify an operating schedule for the policy. You can select an existing schedule or create a new schedule.
- Select the Scheduling tab.
- From the Schedule Action drop-down list, select a schedule.
Or, to create a new schedule, select Create New and configure the settings as described in the topics Create Schedules for Firebox Actions and Set an Operating Schedule.
- Click Save.
The Advanced tab includes settings for NAT, QoS, multi-WAN, ICMP, and connection rate options.
To edit or add a comment to this proxy policy configuration, type the comment in the Comment text box.
For more information on the options for this tab, go to:
- Apply NAT Rules (Both 1-to-1 NAT and dynamic NAT are enabled by default in all policies.)
- Set the Sticky Connection Duration for a Policy
- Set ICMP Error Handling
- Set Connection Rate Limits
- Enable QoS Marking and Prioritization in a Policy
In Policy Manager, you configure the IMAP-proxy settings in these tabs:
To set access rules and other options, select the Policy tab.
- Specify the access rules for the policy. This includes:
- The disposition for connections the policy applies to. This can be Allowed, Denied, or Denied (send reset).
- The sources and destinations for connections the policy applies to, configured in the From and To lists.
For more information about access rules, go to Set Access Rules for a Policy.
- In the To list, configure static NAT to route connections to a server based on the port.
For more information, go to Configure Static NAT (SNAT).
- In the To list, configure server load balancing for increased scalability.
For more information, go to Configure Server Load Balancing.
- Configure SD-WAN routing if multi-WAN is enabled or if you have configured a virtual BOVPN interface.
For more information, go to About SD-WAN.
- Enable Application Control — Enable Application Control and select the Application Control action to use for this policy. For more information, go to Enable Application Control in a Policy.
- Enable Geolocation — Enable Geolocation and select the Geolocation action to use for this policy. For more information, go to Configure Geolocation.
- Enable IPS — Enable IPS for this policy. For more information, go to Enable or Disable IPS for a Policy.
- Select the Proxy action to use for this policy.
- Click to view and edit the proxy action. For more information, see Configure the IMAP-Proxy Action.
- To enable TLS for content inspection, select an option from the TLS Support drop-down list.
For more information, go to IMAP-Proxy: TLS.
TLS Support for the IMAP-proxy is available in Fireware v12.1 and higher.
The Properties tab shows the port and protocol the policy applies to. On the Properties tab, you can configure these options:
- To edit or add a comment to this policy configuration, type the comment in the Comment text box.
- To define the logging settings for the policy, click Logging.
For more information, go to Set Logging and Notification Preferences.
- If you selected Denied or Denied (send reset) from the IMAP-proxy connections are drop-down list on the Policy tab, you can select Auto-block sites that attempt to connect to automatically block sites that try to use IMAP.
For more information, go to Block Sites Temporarily with Policy Settings.
- You can specify a custom idle timeout, which is the maximum length of time that a connection stays active when no traffic is sent through the connection. For more information, go to Set a Custom Idle Timeout.
On the Advanced tab, you can configure these options in your proxy definition:
- Set an Operating Schedule
- Add Traffic Management Actions to a Policy
- Set ICMP Error Handling
- Apply NAT Rules (Both 1-to-1 NAT and dynamic NAT are enabled by default in all policies.)
- Set Connection Rate Limits
- Enable QoS Marking and Prioritization in a Policy
- Set the Sticky Connection Duration for a Policy, if Multi-WAN is enabled
Configure the IMAP-Proxy Action
You can choose a predefined proxy action or configure a user-defined proxy action for this proxy. For the IMAP-proxy, you can configure these proxy action settings:
- IMAP-Proxy: General Settings
- IMAP-Proxy: STARTTLS
- IMAP-Proxy: Content Types
- IMAP-Proxy: Filenames
- IMAP-Proxy: Headers
- IMAP-Proxy: AntiVirus
- IMAP-Proxy: spamBlocker
- IMAP-Proxy: Deny Message
- IMAP-Proxy: Proxy and AV Alarms
- IMAP-Proxy: APT Blocker
- IMAP-Proxy: TLS