Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 793
  • Last Modified:

Issue with NAT on Checkpoint NG firewall unable to connect externally

I'm having a strange problem with my firewall, a Checkpoint NG with Application Intelligence (R55). I have a range of four IP addresses allocated by my ISP. The first one is used for the gateway, the second is for our mail server which also runs Outlook Web Access, the third is for a DMZ and the 4th is spare. I have NAT configured to translate from the mail server (192.168.40.2) to the second IP in our range, I'll call it x.x.x.2. I did this by right clicking on the node and going to edit, then on the NAT tab I selected "Add Automatic Address Translation rules", set the method to "Static" and entered the IP, x.x.x.2. I also have a NAT entry for our internal network, 192.168.40.0, to the first IP in our range, x.x.x.1.

The problem is, for some reason the mail server can no longer access the external network. It is configured to use the fileserver as a DNS server, so for example when I ping www.google.com, it resolves the IP address but the packets fail to get through the firewall. If I disable the NAT for the mailserver, it can ping the outside world without problems. At the moment, I've disabled all of the security policies so that all traffic on all ports can get through, just to make sure it wasn't a problem with a rule. I'm completely stumped as to why this doesn't work... any insight guys? At the moment we're unable to send or receive any email externally, as we use MessageLabs to filter our email, and they are only forwarding mail to the x.x.x.2 address. I need to get this fixed asap! Thanks!
0
Jm_saunders
Asked:
Jm_saunders
1 Solution
 
LBACISCommented:
If it is on a Nokia appliance check your voyager and make sure there is nothing NAT there.
0
 
Jm_saundersAuthor Commented:
It's on the SecurePlatform (SPLAT), and I've resolved the issue now.

Cheers,

James
0
 
Keith AlabasterEnterprise ArchitectCommented:
James, post the resolution and I can refund your points

regards

Keith
0
Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

 
Jm_saundersAuthor Commented:
Somebody had added a switch between the firewall and the internet, and connected a router into it... and gave the router the same IP address as my mailserver. This meant that the packets could leave the firewall from the mailserver, but they'd get returned to this router that was sitting outside my firewall. I didn't know about this until, in an act of desperation, I went and unplugged everything and connected it all up again. I just unplugged the switch and the extra router, and everything started working again properly.

Cheers,

James
0
 
Keith AlabasterEnterprise ArchitectCommented:
Thanks :)

I'll make the recommendation for PAQ and points refunded on my next sweep through which will be a couple of days.

Thanks
Keith
0
 
Computer101Commented:
PAQed with points refunded (500)

Computer101
EE Admin
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now