Solved

Checkpoint Firewall Access-lists

Posted on 2001-09-07
5
267 Views
Last Modified: 2013-11-16
I have FW1 running on my network.  I have set up a static ip mapping from a public to private address and vice-versa for my mail server.  When I set up my access list rules, do I specify

source   Dest                    Service   Action
any      mailserver -public ip   SMTP,POP3 Permit

OR

any      mailserver -private ip  SMTP, POP3 Permit

OR both?

Any advice would be great
0
Comment
Question by:chiggins22
  • 3
  • 2
5 Comments
 
LVL 4

Expert Comment

by:jwalsh88
ID: 6465599
remember this, all translations happen last.  So, in the rule base(security policy) if you have public addresses that need access to the server then use it's public address in the rule base.  If your private addressed hosts that need to talk with the mail server don't go through the firewall to get to the mail server(it's on the same internal network) then the first rule is all you need.  If the mail server is protected by the firewall (on an additional dmz port off the firewall) then you need another rule.  I would suggest this if needed:

internal-nets  mailserver-priv  SMTP,POP3   Permit

0
 

Author Comment

by:chiggins22
ID: 6465628
I am more concerned with the external hosts, who need to send mail to the mailserver.  Should the access-list allow connections from any to the public address, or the private?

My internal hosts do not go through the firewall to get to the mailserver.
0
 
LVL 4

Accepted Solution

by:
jwalsh88 earned 50 total points
ID: 6465640
the rule should look like this to allow public access to your mail server

any  mailsvr-pub  SMTP,POP3  Permit


Also make sure you have your static NAT mappings working correctly.
0
 

Author Comment

by:chiggins22
ID: 6465673
I will give it a shot -thanks
0
 

Author Comment

by:chiggins22
ID: 6480591
Please see my other question regarding Checkpoint
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
By this time the large percentage of day-to-day transactions have shifted to mobile banking; here are some overriding areas QAs must investigate while testing mobile banking apps.  
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now