Solved

Checkpoint Firewall Access-lists

Posted on 2001-09-07
Last Modified: 2013-11-16
I have FW1 running on my network. I have set up a static IP mapping from a public to a private address and vice versa for my mail server. When I set up my access list rules, do I specify

Source   Dest                    Service     Action
any      mailserver -public ip   SMTP,POP3   Permit

OR

any      mailserver -private ip  SMTP,POP3   Permit

OR both?

Any advice would be great.
Question by:chiggins22
5 Comments
 

Expert Comment

by:jwalsh88
ID: 6465599
Remember this: all translations happen last. So, in the rule base (security policy), if you have public addresses that need access to the server, then use its public address in the rule base. If your privately addressed hosts that need to talk with the mail server don't go through the firewall to get to the mail server (it's on the same internal network), then the first rule is all you need. If the mail server is protected by the firewall (on an additional DMZ port off the firewall), then you need another rule. I would suggest this if needed:

internal-nets  mailserver-priv  SMTP,POP3   Permit


Author Comment

by:chiggins22
ID: 6465628
I am more concerned with the external hosts, who need to send mail to the mailserver.  Should the access-list allow connections from any to the public address, or the private?

My internal hosts do not go through the firewall to get to the mailserver.

Accepted Solution

by:
jwalsh88 earned 50 total points
ID: 6465640
The rule should look like this to allow public access to your mail server:

any  mailsvr-pub  SMTP,POP3  Permit


Also make sure you have your static NAT mappings working correctly.
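
A small Python model of the ordering described in this answer (rule base matched first, static NAT applied afterwards), added here as an illustration; it was not posted by either participant and is not Check Point code. The addresses are constructed documentation-range values, and the `Rule` class, the `evaluate` function and the implicit final drop are assumptions of the model.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addresses (documentation ranges), not taken from the thread.
MAIL_PUB = "203.0.113.25"            # stands in for mailsvr-pub
MAIL_PRIV = "10.0.0.25"              # stands in for mailserver-priv
STATIC_NAT = {MAIL_PUB: MAIL_PRIV}   # inbound destination mapping
SERVICES = {"SMTP": 25, "POP3": 110}

@dataclass(frozen=True)
class Rule:
    source: str        # CIDR; "0.0.0.0/0" stands for "any"
    dest: str          # single host address
    services: tuple    # service names from SERVICES
    action: str        # "Permit" or "Drop"

def evaluate(rules, src, dst, port):
    """First-match lookup on the packet as it arrives, then static NAT.

    Returns (action, address the packet is forwarded to, or None)."""
    for rule in rules:
        if (ip_address(src) in ip_network(rule.source)
                and ip_address(dst) == ip_address(rule.dest)
                and port in {SERVICES[s] for s in rule.services}):
            if rule.action != "Permit":
                return rule.action, None
            # Translation happens only after the rule base accepted the packet.
            return "Permit", STATIC_NAT.get(dst, dst)
    return "Drop", None    # nothing matched: implicit drop (model assumption)

ANY = "0.0.0.0/0"
public_rule = [Rule(ANY, MAIL_PUB, ("SMTP", "POP3"), "Permit")]
private_rule = [Rule(ANY, MAIL_PRIV, ("SMTP", "POP3"), "Permit")]

if __name__ == "__main__":
    client = "198.51.100.7"   # constructed external sender
    # External senders address the public IP, so only the public rule matches.
    for name, rules in (("public", public_rule), ("private", private_rule)):
        print(name, evaluate(rules, client, MAIL_PUB, 25))
```

In this model an external SMTP connection to the public address is permitted and forwarded to the private address only when the rule names the public address; a rule naming only the private address never matches it.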

Author Comment

by:chiggins22
ID: 6465673
I will give it a shot - thanks

Author Comment

by:chiggins22
ID: 6480591
Please see my other question regarding Checkpoint.