For secure Internet access DEFENDO offers several proxy services. These should be used in favour of changing the firewall policy.

Browsing the web

Configure the browsers to use DEFENDO's port 8080 as web proxy. HTTP, HTTPS, FTP (downloads only), GOPHER and WAIS connections can be established this way.

Outbound emails

Email clients and server in the LAN should use the SMTP relay server of DEFENDO to send emails.

Inbound emails

Security options and features of the mail server like e.g. mail virusscan and SPAM filtering will only apply to emails delivered via the DEFENDO mail server. Hence direct access to Internet mail servers should not be allowed for any client computer in the LAN. The email configuration wizard of DEFENDO will help you to configure incoming mail.

DNS

Workstations in your LAN should make use of DEFENDO's DNS forwarder for name resolution. It often makes sense that clients contact an internal DNS server (e.g. Windows domain controller) which in turn forwards requests to DEFENDO. Direct connections to Internet DNS server should not be allowed.