CHECKPOINT: How do I publish the SMTP port to one server and the POP port to another serverwith same external IP address?

Posted on 2004-11-28
Last Modified: 2013-11-16
We have just installed a Barracuda Networks Anti-Spam appliance and are having issues configuring it with
Checkpoint Firewall 1-NG . Heres the email that our network consultant sent to me to post here.

The Checkpoint Firewall has a host defined as x.y.z.a.  It has a FQDN associated with it.

I have published ports 25,110,3000 and 3389 on that address to forward those protocols to an internal server at

If I now want to split SMTP out and send it to another internal server it seems that the rule defined to do so negates delivery of 110,3000 and 3389 to the original server.

I use a STATIC NAT on each of the hosts.


Any                  SpamServer       SMTP               Allow
Any                  Mailserver          SMTP               Allow

Both Hosts Spamserver and Mailserver have the same NAT translation to the published IP Address
For example

The first rulle seems to negate the effects of the second rule.

How do I publish the SMTP port to one server and the POP port to another server using the same defined external IP address?
Question by:zodiacadm
    LVL 13

    Accepted Solution

    I'm not familiar with Checkpoint, but you need to be looking for an option for NAPT or port based NAT or similar. A static NAT is usually a one-to-one mapping that maps ALL ports. You want a one-to-many mapping so that you can map individual ports to indivual port/IP combinations.

    You probably already ralised this, but if not, then you need to be looking through your doc for info on this to see if your FW supports it and if so, how you can implement it.
    LVL 4

    Assisted Solution

    I don't think this can be done in checkpoint, as when you give an internal node the external ip address as static nat when an existing internal node is already configured for the external ip address for static nat, then checkpoint through's up a conflict warning.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Should I Do With This Threat Intelligence?

    Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

    Suggested Solutions

    Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
    This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now