About the POP3-Proxy

POP3 (Post Office Protocol v.3) is a protocol that moves email messages from an email server to an email client on a TCP connection over port 110 or port 995. With POP3, an email client contacts the email server and checks for any new email messages. If it finds a new message, it downloads the email message to the local email client. After the message is received by the email client, the connection is closed.

The POP3-proxy supports encrypted POP3 connections on port 995 in Fireware OS v12.2 and higher.

With a POP3-proxy filter you can:

  • Adjust timeout and line length limits to make sure the POP3-proxy does not use too many network resources, and to prevent some types of attacks.
  • Customize the deny message that is sent to a user when content or attachments are stripped from an email sent to that user.
  • Filter content embedded in email with MIME types.
  • Block specified path patterns and URLs.

To add the POP3-proxy to your Firebox configuration, go to Add a Proxy Policy to Your Configuration.

Which Proxy Action To Use

When you configure a proxy policy, you must select a proxy action appropriate to the policy. For a proxy policy that allows connections from your internal clients to the internet, use the Client proxy action. For a proxy policy that allows connections to your internal servers from the internet, use the Server proxy action.

Predefined proxy actions with Standard appended to the proxy action name include recommended standard settings that reflect the latest Internet network traffic trends.

Configure the POP3-Proxy

Settings Tab

On the Settings tab, you can specify whether the policy allows or denies connections, and configure the source and destination of traffic the policy applies to. This tab also shows the ports and protocols the policy applies to. Other settings on this tab control logging, notification, automatic blocking, timeout, and some services.

  • Connections are — Specify whether connections are Allowed, Denied, or Denied (send reset).
  • Define the policy source and destination in the From and To list (on the Policy tab of the proxy definition). Go to Set Access Rules for a Policy.
  • In the To list, you can also configure static NAT or configure server load balancing. Go to Configure Static NAT (SNAT) and Configure Server Load Balancing.
  • To define the logging settings for the policy, configure the settings in the Logging section. For more information, go to Set Logging and Notification Preferences.
  • If you set the Connections are drop-down list to Denied or Denied (send reset), you can block sites that try to use POP3.
    For more information, go to Block Sites Temporarily with Policy Settings.
  • To change the idle timeout that is set by the Firebox or authentication server, go to Set a Custom Idle Timeout.
  • To configure the TLS settings used for content inspection, select an option from the TLS Support drop-down list.
    For more information, go to POP3-Proxy: TLS.

  • TLS Support for the POP3-proxy is available in Fireware OS v12.2 and higher.

SD-WAN Tab

On the SD-WAN tab, you can select to apply an SD-WAN action to the policy. You can also add a new SD-WAN action. For more information about SD-WAN routing, go to About SD-WAN.

SD-WAN replaces policy-based routing in Fireware v12.3 or higher.

Geolocation Tab

If Geolocation is enabled on your Firebox, on the Geolocation tab, you can select the Geolocation action for this proxy. You can also add a new Geolocation action. For more information about Geolocation, go to Configure Geolocation.

To apply a Geolocation action in a policy:

  1. Select the Geolocation tab.
  2. From the Geolocation Control Action drop-down list, select a Geolocation action.
    Or, to create a new Geolocation action, click Add.
  3. Click Save.

The Geolocation tab is available in Fireware 12.3 or higher.

Application Control Tab

If Application Control is enabled on your Firebox, you can set the action this proxy uses for Application Control.

  1. Select the Application Control tab.
  2. From the Application Control Action drop-down list, select an application control action to use for this policy, or create a new action.
  3. (Optional) Edit the Application Control settings for the selected action.
  4. Click Save.

For more information, go to Enable Application Control in a Policy.

Traffic Management Tab

On the Traffic Management tab, you can select the Traffic Management action for the policy. You can also create a new Traffic Management action. For more information about Traffic Management actions, go toDefine a Traffic Management Action and Add Traffic Management Actions to a Policy.

To apply a Traffic Management action in a policy:

  1. Select the Traffic Management tab.
  2. From the Traffic Management Action drop-down list, select a Traffic Management action.
    Or, to create a new Traffic Management action, select Create new and configure the settings as described in the topic Define a Traffic Management Action.
  3. Click Save.

Proxy Action Tab

You can choose a predefined proxy action or configure a user-defined proxy action for this proxy. For more information about how to configure proxy actions, go to About Proxy Actions.

To configure the proxy action:

  1. Select the Proxy Action tab.
  2. From the Proxy Action drop-down list, select the proxy action to use for this policy.
    For information about proxy actions, go to About Proxy Actions.
  3. Click Save.

For the POP3-proxy, you can configure these categories of settings for a proxy action:

Scheduling Tab

On the Scheduling tab, you can specify an operating schedule for the policy. You can select an existing schedule or create a new schedule.

  1. Select the Scheduling tab.
  2. From the Schedule Action drop-down list, select a schedule.
    Or, to create a new schedule, select Create New and configure the settings as described in the topics Create Schedules for Firebox Actions and Set an Operating Schedule.
  3. Click Save.

Advanced Tab

The Advanced tab includes settings for NAT, QoS, multi-WAN, and ICMP options.

To edit or add a comment to this proxy policy configuration, type the comment in the Comment text box.

For more information on the options in this tab, go to:

Policy Tab

To set access rules and other options, select the Policy tab.

TLS Support for the POP3-proxy is available in Fireware OS v12.2 and higher.

Properties Tab

On the Properties tab, you can configure these options:

  • To edit or add a comment to this policy configuration, type the comment in the Comment text box.
  • To define the logging settings for the policy, click Logging.
    For more information, go toSet Logging and Notification Preferences.
  • If you set the POP3-proxy connections are drop-down list (on the Policy tab) to Denied or Denied (send reset), you can block sites that try to use POP3.
    For more information, go to Block Sites Temporarily with Policy Settings.
  • To change the idle timeout that is set by the Firebox or authentication server, go to Set a Custom Idle Timeout.

Advanced Tab

 On the Advanced tab, you can configure these options in your proxy definition:

Configure the Proxy Action

You can choose a predefined proxy action or configure a user-defined proxy action for this proxy. For more information about how to configure proxy actions, go to About Proxy Actions.

For the POP3-proxy, you can configure these categories of settings for a proxy action:

Related Topics

About Proxy Policies and ALGs