Hi all,
Just installed a new 2820n on sbs2003 box with 2 nics. (WAN-192.168.1.2)-(LAN 10.0.0.2). The router LAN IP is 192.168.1.1. Internal network are supporting about 70 PC's. One of those pc's are infected with a sender email trojan not identified until now, besides our efforts made with netstat attemps and virus scannings on all machines.

My questions are:

There is any way to only accept outbound connections on port 25 sended by our exchange server and block all others LAN machines using 2820n firewall settings?

I installed Syslog 4.2.1 on Windows2003 server to try to record logs to help us to find the infected machine. But don't know why i can't collect data from router. The settings are: IP router 192.168.1.2. IP WAN NIC sbs box is 192.168.1.2 and the the port used is the default (514).

Any toughts will be very welcome.

Thank you in advance,
Cheers

And of course System Maintenance >> SysLog / Mail Alert Setup under Maintenance tab is checked with server Syslog IP corrected inserted (192.168.1.2)