As per best practices, Cato Networks will be enhancing the default Internet Firewall security policy by prohibiting (blocking) outgoing SMTP and SMB traffic.
In case you have valid outbound service in your organization, you will have to allow the access to maintain functionality. In order to do, you will need to:
1. Log to Cato Management
2. Go to Internet Firewall (under Security):
3. Create new rule under "Exceptions (Allow Applications)" for the desired protocol or service, for instance, SMTP (or any other protocol you'd like) and Allow specific hosts (or site, or ANY) towards Service the selected service.
As per Cato's best practices SMTP and SMB should only be opened for those specific entities that require it. In some occasions, you may want to limit the SMTP traffic to specific server as well (e.g. Google, O365), so this can be considered also as a best practice.
At last, to be more specific you can also allow services such Office365 (or Gmail), that will do the same work, like in the following screen capture:
This will break connections to O365. You must specify the application "outlook" for this to work properly as of 2018/07/12 - DEV
Please sign in to leave a comment.