Solved

Checkpoint Firewall Access-lists

Posted on 2001-09-07
5
328 Views
Last Modified: 2013-11-16
I have FW1 running on my network.  I have set up a static ip mapping from a public to private address and vice-versa for my mail server.  When I set up my access list rules, do I specify

source   Dest                    Service   Action
any      mailserver -public ip   SMTP,POP3 Permit

OR

any      mailserver -private ip  SMTP, POP3 Permit

OR both?

Any advice would be great
0
Comment
Question by:chiggins22
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 4

Expert Comment

by:jwalsh88
ID: 6465599
remember this, all translations happen last.  So, in the rule base(security policy) if you have public addresses that need access to the server then use it's public address in the rule base.  If your private addressed hosts that need to talk with the mail server don't go through the firewall to get to the mail server(it's on the same internal network) then the first rule is all you need.  If the mail server is protected by the firewall (on an additional dmz port off the firewall) then you need another rule.  I would suggest this if needed:

internal-nets  mailserver-priv  SMTP,POP3   Permit

0
 

Author Comment

by:chiggins22
ID: 6465628
I am more concerned with the external hosts, who need to send mail to the mailserver.  Should the access-list allow connections from any to the public address, or the private?

My internal hosts do not go through the firewall to get to the mailserver.
0
 
LVL 4

Accepted Solution

by:
jwalsh88 earned 50 total points
ID: 6465640
the rule should look like this to allow public access to your mail server

any  mailsvr-pub  SMTP,POP3  Permit


Also make sure you have your static NAT mappings working correctly.
0
 

Author Comment

by:chiggins22
ID: 6465673
I will give it a shot -thanks
0
 

Author Comment

by:chiggins22
ID: 6480591
Please see my other question regarding Checkpoint
0

Featured Post

What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question