checkpoint firewall NG SP1

Status
Not open for further replies.

mous27

Technical User
Mar 15, 2002
1
FR
Hello

Please could you help me: I have a LAN that contains a mail server (server not in DMZ).

After installing my firewall, I couldn't send any mail outside or receive mail from outside (Exchange server), but locally we can do anything.

Someone told me to put my server with a public address?????

The test that we tried: someone tried to ping our server, which is translated to a public address, from outside (no response); he stopped at the router of our provider. On the other hand, if he pings our checkpoint server (no rules), he can.

Please help me

Thanks to all
 
I am just cutting and pasting this from a response I made about an FTP server, so if it is not 100% I apologise

First you need to create a network object for the server
Manage - network objects - New - Workstation
give it a name (Mail_Server) or, if it is known via DNS, that name
enter IP address if Get doesn't work
leave all other general settings as they are.

to protect your internal network select the NAT tab
check box - Add automatic address translation Rules
set translation method to static
enter a valid IP address for the outside of your firewall (this is your mail server's external address).


after your stealth rule (any-firewall-any-drop)
create a new rule (incoming mail)
(highlight the stealth rule)
Edit - Add rule - after
leave source as any
change destination to your mail server RMC (right mouse click) add - select mail server

change service to smtp (RMC add SMTP)
change drop to accept
set track to long
add a comment at the end of the line

create a new rule (outgoing mail)
(highlight the stealth rule)
Edit - Add rule - after
leave destination as any
change source to your mail server RMC (right mouse click) add - select mail server

change service to smtp (RMC add SMTP)
change drop to accept
set track to long
add a comment at the end of the line


install policy
Policy - verify
if this works
policy install - ok



a modification to this to stop mail relay is to set up a resource (SMTP) that has a match of Source * and destination *.yourcompany.com
add this to your incoming mail rule
so rather than adding service you add service with resource

hope this helps, if not let me know.
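
A small model of the rule base the steps above produce, added here as an illustration and not part of the original posts or Check Point's own code: connections are checked top-down, the first matching rule decides, and the SMTP resource is treated as a recipient glob. The addresses, the final cleanup rule and the glob matching are assumptions of this sketch.

```python
from fnmatch import fnmatch

# Constructed addresses from documentation ranges, not from the thread.
FIREWALL = "203.0.113.1"
MAIL_SERVER = "203.0.113.25"  # stands for the Mail_Server object
OUTSIDE = "198.51.100.7"      # some Internet host

# Rules in the order the steps produce; the first matching rule decides.
# "rcpt" models the SMTP resource on the incoming rule (pattern from the post).
# The final cleanup drop is an assumption of this sketch.
RULES = [
    {"name": "stealth", "src": "any", "dst": FIREWALL, "svc": "any", "action": "drop"},
    {"name": "outgoing mail", "src": MAIL_SERVER, "dst": "any", "svc": "smtp", "action": "accept"},
    {"name": "incoming mail", "src": "any", "dst": MAIL_SERVER, "svc": "smtp",
     "rcpt": "*.yourcompany.com", "action": "accept"},
    {"name": "cleanup", "src": "any", "dst": "any", "svc": "any", "action": "drop"},
]


def _field_ok(rule_value, value):
    """A rule field matches when it is 'any' or equals the connection's value."""
    return rule_value in ("any", value)


def evaluate(src, dst, svc, rcpt=None):
    """Return (rule name, action) of the first rule matching a connection."""
    for rule in RULES:
        if not all(_field_ok(rule[k], v) for k, v in (("src", src), ("dst", dst), ("svc", svc))):
            continue
        pattern = rule.get("rcpt")
        # Assumption: a resource that does not match means the rule does not match.
        if pattern and not (rcpt and fnmatch(rcpt.lower(), pattern)):
            continue
        return rule["name"], rule["action"]
    return "implicit", "drop"


if __name__ == "__main__":
    cases = [
        ("mail for own domain", OUTSIDE, MAIL_SERVER, "smtp", "bob@mail.yourcompany.com"),
        ("relay attempt", OUTSIDE, MAIL_SERVER, "smtp", "victim@example.net"),
        ("server sends out", MAIL_SERVER, OUTSIDE, "smtp", "peer@example.net"),
        ("ping to server", OUTSIDE, MAIL_SERVER, "icmp", None),
        ("smtp to firewall", OUTSIDE, FIREWALL, "smtp", None),
    ]
    for label, *conn in cases:
        print(f"{label:22} -> {evaluate(*conn)}")
```

In this model a ping to the mail server falls through to the drop rule because only SMTP is accepted, so an SMTP connection is the meaningful test of the new rules. Under plain glob matching the pattern `*.yourcompany.com` also does not cover `user@yourcompany.com`, which is worth checking against how the real resource matches.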
 