?
Solved

Exchange 2007 and Checkpoint R76

Posted on 2013-06-01
4
Medium Priority
?
535 Views
Last Modified: 2013-10-01
We have recently migrated from Checkpoint R71.20 on a UTM1 1050 to Checkpoint R75.40 on a Checkpoint 4407.  Everything has tested successfully except for the email traffic on this.

The Exchanger server hosts all the services, and works fine on the webmail client - so the rule base appears fine and NAT appears to be working to the server.

However, with the new firewall in (using exactly same rules as the old firewall) running the most recent version of Checkpoint, the Exchange box cannot do DNS, send or receive emails or browse the web.

I have explicity given the server a rule on the firewall to allow it any traffic in and out to test, but this still does not work for email/browsing/dns.

I have turned off the IPS module so it is running truly the same as the previous firewall.

When I swap back to the old firewall, this works as normal.

Any ideas?
0
Comment
Question by:CaringIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 22

Expert Comment

by:Matt V
ID: 39216431
What does the smartview tracker show as far as traffic being allowed or blocked from Exchange?
0
 

Author Comment

by:CaringIT
ID: 39218314
From what I can see, all data flows out of the firewall ok, but nothing is coming back.  We have also now upgraded to R76 as well as part of this process.

I turned off NAT for the exchange server, and this can browse the internet, make DNS requests, etc as normal.  It cannot received email as this is being sent to it's external IP address which is NATed to it.

When I turn the NAT back on, browsing, DNS, etc stops.  It cannot received emails, but you can access the OWA service running on the box as normal.

So - it appears to be the NAT causing the issue.  I have compared the R71.20 box and R76 and I can see now differences in the rules or the NAT table to cause this.
0
 

Accepted Solution

by:
CaringIT earned 0 total points
ID: 39524577
We have since found there was a routing error on the firewall config, even though it took Checkpoint a good couple of weeks to find it with us.
0
 

Author Closing Comment

by:CaringIT
ID: 39535868
In depth investigations from Checkpoint to resolve
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
Find out what you should include to make the best professional email signature for your organization.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Suggested Courses
Course of the Month14 days, 18 hours left to enroll

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question