Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Exchange 2007 and Checkpoint R76

Posted on 2013-06-01
4
Medium Priority
?
544 Views
Last Modified: 2013-10-01
We have recently migrated from Checkpoint R71.20 on a UTM1 1050 to Checkpoint R75.40 on a Checkpoint 4407.  Everything has tested successfully except for the email traffic on this.

The Exchanger server hosts all the services, and works fine on the webmail client - so the rule base appears fine and NAT appears to be working to the server.

However, with the new firewall in (using exactly same rules as the old firewall) running the most recent version of Checkpoint, the Exchange box cannot do DNS, send or receive emails or browse the web.

I have explicity given the server a rule on the firewall to allow it any traffic in and out to test, but this still does not work for email/browsing/dns.

I have turned off the IPS module so it is running truly the same as the previous firewall.

When I swap back to the old firewall, this works as normal.

Any ideas?
0
Comment
Question by:CaringIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 22

Expert Comment

by:Matt V
ID: 39216431
What does the smartview tracker show as far as traffic being allowed or blocked from Exchange?
0
 

Author Comment

by:CaringIT
ID: 39218314
From what I can see, all data flows out of the firewall ok, but nothing is coming back.  We have also now upgraded to R76 as well as part of this process.

I turned off NAT for the exchange server, and this can browse the internet, make DNS requests, etc as normal.  It cannot received email as this is being sent to it's external IP address which is NATed to it.

When I turn the NAT back on, browsing, DNS, etc stops.  It cannot received emails, but you can access the OWA service running on the box as normal.

So - it appears to be the NAT causing the issue.  I have compared the R71.20 box and R76 and I can see now differences in the rules or the NAT table to cause this.
0
 

Accepted Solution

by:
CaringIT earned 0 total points
ID: 39524577
We have since found there was a routing error on the firewall config, even though it took Checkpoint a good couple of weeks to find it with us.
0
 

Author Closing Comment

by:CaringIT
ID: 39535868
In depth investigations from Checkpoint to resolve
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
One-stop solution for Exchange Administrators to address all MS Exchange Server issues, which is known by the name of Stellar Exchange Toolkit.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question