Dear All Experts,
I would like to ask a basic question about the firewall operations. I myself am not very familiar with the Checkpoint Firewall.
My company has an SMTP and an Internet proxy server in the DMZ behind the firewall (Checkpoint v4.1). Recently we had an issue accessing a web site of our business partner through our proxy server. The problem happened because a specific IP range is being used by our business partner for both Internet and Intranet.
For example, 198.205.100.0 is used for Intranet hosts whereas 198.205.110.0 is used for Internet hosts.
According to our Firewall vendor, there is a static route on the firewall which defines 198.205.0.0 to be routed to the Internal interface of the firewall.
I believe that the easiest solution would be to narrow the static route defined on the firewall and create different static routes for the 2 subnets to be routed to different interfaces. I would like to know if there are any other solutions which can be implemented because I would like to avoid adding static routes whenever we find such strange cases.
I have a similar question about the SMTP server too. The SMTP server behind the firewall normally communicates with the other SMTP servers on the Internet and also with our internal MTA server to send mails from the Internet. I fear that we might face similar issues as above if there are Internet and Intranet hosts on the same network IP range. Is there a way to define a rule like below...
Source - SMTP IP
Destination - anything (except the Internal MTA Server IP)
Port - 25
Redirect to External Port on the Internet.
Thanks for your help in advance,
Harish
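
The routing behaviour described in the post, as an added example that is not part of the original post: a longest-prefix-match lookup showing why the broad static route captures the partner's Internet subnet and how the narrower routes separate the two. The prefix lengths (/16, /24), the interface names, the default route and the host addresses are assumptions; the post gives only the network numbers.

```python
import ipaddress

def lookup(routes, dst):
    """Return the interface of the most specific route containing dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        # Longest prefix wins, as in an ordinary IP routing table.
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

# Assumed current table: one broad static route sends all of
# 198.205.0.0 (taken here as a /16) to the internal interface.
BROAD = [
    ("0.0.0.0/0", "external"),
    ("198.205.0.0/16", "internal"),
]

# Assumed narrowed table: one route per subnet named in the post,
# each taken as a /24 and pointed at its own interface.
NARROWED = [
    ("0.0.0.0/0", "external"),
    ("198.205.100.0/24", "internal"),
    ("198.205.110.0/24", "external"),
]

def compare(dst):
    """Interface chosen for dst under the broad and the narrowed table."""
    return lookup(BROAD, dst), lookup(NARROWED, dst)

if __name__ == "__main__":
    # Constructed host addresses inside the ranges the post mentions.
    for dst in ("198.205.100.10", "198.205.110.10", "198.205.120.10"):
        before, after = compare(dst)
        print(f"{dst:16} broad={before:9} narrowed={after}")
```

Any other 198.205.x.x address falls through to the default route once the broad entry is removed, so the narrowed table should be checked against every internal subnet that relied on the old route.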