Improve company productivity with a Business Account.Sign Up

x
?
Solved

Exchange 2007 and Checkpoint R76

Posted on 2013-06-01
4
Medium Priority
?
554 Views
Last Modified: 2013-10-01
We have recently migrated from Checkpoint R71.20 on a UTM1 1050 to Checkpoint R75.40 on a Checkpoint 4407.  Everything has tested successfully except for the email traffic on this.

The Exchanger server hosts all the services, and works fine on the webmail client - so the rule base appears fine and NAT appears to be working to the server.

However, with the new firewall in (using exactly same rules as the old firewall) running the most recent version of Checkpoint, the Exchange box cannot do DNS, send or receive emails or browse the web.

I have explicity given the server a rule on the firewall to allow it any traffic in and out to test, but this still does not work for email/browsing/dns.

I have turned off the IPS module so it is running truly the same as the previous firewall.

When I swap back to the old firewall, this works as normal.

Any ideas?
0
Comment
Question by:CaringIT
  • 3
4 Comments
 
LVL 22

Expert Comment

by:Matt V
ID: 39216431
What does the smartview tracker show as far as traffic being allowed or blocked from Exchange?
0
 

Author Comment

by:CaringIT
ID: 39218314
From what I can see, all data flows out of the firewall ok, but nothing is coming back.  We have also now upgraded to R76 as well as part of this process.

I turned off NAT for the exchange server, and this can browse the internet, make DNS requests, etc as normal.  It cannot received email as this is being sent to it's external IP address which is NATed to it.

When I turn the NAT back on, browsing, DNS, etc stops.  It cannot received emails, but you can access the OWA service running on the box as normal.

So - it appears to be the NAT causing the issue.  I have compared the R71.20 box and R76 and I can see now differences in the rules or the NAT table to cause this.
0
 

Accepted Solution

by:
CaringIT earned 0 total points
ID: 39524577
We have since found there was a routing error on the firewall config, even though it took Checkpoint a good couple of weeks to find it with us.
0
 

Author Closing Comment

by:CaringIT
ID: 39535868
In depth investigations from Checkpoint to resolve
0

Featured Post

NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Let us take a look at the scenario, you have a database that is corrupt and you run the ESEUTIL command only to find you are unable to repair it. How do you now get the data back?
You can use the network upload option and the Office 365 Import service to bulk-import PST files to user mailboxes. Network upload means that you upload the PST files a temporary storage area in the Microsoft cloud.
how to add IIS SMTP to handle application/Scanner relays into office 365.
Planning to migrate your EDB file(s) to a new or an existing Outlook PST file? This video will guide you how to convert EDB file(s) to PST. Besides this, it also describes, how one can easily search any item(s) from multiple folders or mailboxes…

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question