Solved

Checkpoint Firewall Access-lists

Posted on 2001-09-07
Last Modified: 2013-11-16
I have FW1 running on my network.  I have set up a static IP mapping from a public to private address and vice versa for my mail server.  When I set up my access list rules, do I specify

source   Dest                    Service   Action
any      mailserver -public ip   SMTP,POP3 Permit

OR

any      mailserver -private ip  SMTP, POP3 Permit

OR both?

Any advice would be great
Question by:chiggins22

Expert Comment

by:jwalsh88
ID: 6465599
Remember this: all translations happen last.  So, in the rule base (security policy), if you have public addresses that need access to the server, then use its public address in the rule base.  If your privately addressed hosts that need to talk with the mail server don't go through the firewall to get to the mail server (it's on the same internal network), then the first rule is all you need.  If the mail server is protected by the firewall (on an additional DMZ port off the firewall), then you need another rule.  I would suggest this if needed:

internal-nets  mailserver-priv  SMTP,POP3   Permit

 

Author Comment

by:chiggins22
ID: 6465628
I am more concerned with the external hosts, who need to send mail to the mailserver.  Should the access-list allow connections from any to the public address, or the private?

My internal hosts do not go through the firewall to get to the mailserver.

Accepted Solution

by:
jwalsh88 earned 50 total points
ID: 6465640
The rule should look like this to allow public access to your mail server:

any  mailsvr-pub  SMTP,POP3  Permit


Also make sure you have your static NAT mappings working correctly.
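The evaluation order described in the answers above (rule base first, address translation last), as an added example that is not part of the original thread and is not Check Point's implementation. It is a simplified Python model; the addresses, the `Rule` class and `process_inbound` are hypothetical, and it shows that a connection from an Internet sender matches only the rule written with the public address.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses from documentation ranges (not taken from the thread).
MAIL_PUB = "203.0.113.10"   # hypothetical public (NAT) address of the mail server
MAIL_PRIV = "10.0.0.25"     # hypothetical private address of the mail server
STATIC_NAT = {MAIL_PUB: MAIL_PRIV}  # inbound destination static NAT mapping
SERVICES = {"SMTP": 25, "POP3": 110}

@dataclass(frozen=True)
class Rule:
    source: str      # CIDR network; "0.0.0.0/0" stands for "any"
    dest: str        # single host address
    services: tuple  # service names, keys of SERVICES
    action: str      # "Permit" or "Drop"

def rule_matches(rule, src, dst, port):
    in_src = ipaddress.ip_address(src) in ipaddress.ip_network(rule.source)
    ports = {SERVICES[name] for name in rule.services}
    return in_src and dst == rule.dest and port in ports

def process_inbound(rules, src, dst, port):
    """Match the packet as it arrives (pre-NAT), then translate last."""
    for rule in rules:
        if rule_matches(rule, src, dst, port):
            if rule.action != "Permit":
                return ("Drop", None)
            # Translation is applied only after the rule base accepted the packet.
            return ("Permit", STATIC_NAT.get(dst, dst))
    return ("Drop", None)  # nothing matched: implicit drop at the end of the policy

def demo():
    external = "198.51.100.7"  # constructed Internet sender
    pub_rule = [Rule("0.0.0.0/0", MAIL_PUB, ("SMTP", "POP3"), "Permit")]
    priv_rule = [Rule("0.0.0.0/0", MAIL_PRIV, ("SMTP", "POP3"), "Permit")]
    return {
        # The sender addresses the public IP, so only the public-IP rule matches.
        "public_rule": process_inbound(pub_rule, external, MAIL_PUB, 25),
        "private_rule": process_inbound(priv_rule, external, MAIL_PUB, 25),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```
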
 

Author Comment

by:chiggins22
ID: 6465673
I will give it a shot -thanks
 

Author Comment

by:chiggins22
ID: 6480591
Please see my other question regarding Checkpoint