Solved

Exchange 2007 and Checkpoint R76

Posted on 2013-06-01
Last Modified: 2013-10-01
We have recently migrated from Checkpoint R71.20 on a UTM1 1050 to Checkpoint R75.40 on a Checkpoint 4407. Everything has tested successfully except for the email traffic on this.

The Exchange server hosts all the services, and works fine on the webmail client - so the rule base appears fine and NAT appears to be working to the server.

However, with the new firewall in (using exactly the same rules as the old firewall) running the most recent version of Checkpoint, the Exchange box cannot do DNS, send or receive emails or browse the web.

I have explicitly given the server a rule on the firewall to allow it any traffic in and out to test, but this still does not work for email/browsing/DNS.

I have turned off the IPS module so it is running truly the same as the previous firewall.

When I swap back to the old firewall, this works as normal.

Any ideas?
Question by:CaringIT
 
LVL 22

Expert Comment

by:Matt V
ID: 39216431
What does the SmartView Tracker show as far as traffic being allowed or blocked from Exchange?
 

Author Comment

by:CaringIT
ID: 39218314
From what I can see, all data flows out of the firewall OK, but nothing is coming back. We have also now upgraded to R76 as well as part of this process.

I turned off NAT for the Exchange server, and this can browse the internet, make DNS requests, etc. as normal. It cannot receive email as this is being sent to its external IP address which is NATed to it.

When I turn the NAT back on, browsing, DNS, etc. stops. It cannot receive emails, but you can access the OWA service running on the box as normal.

So - it appears to be the NAT causing the issue. I have compared the R71.20 box and R76 and I can see no differences in the rules or the NAT table to cause this.
 

Accepted Solution

by:CaringIT
ID: 39524577
We have since found there was a routing error on the firewall config, even though it took Checkpoint a good couple of weeks to find it with us.
 

Author Closing Comment

by:CaringIT
ID: 39535868
In depth investigations from Checkpoint to resolve
