• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 994
  • Last Modified:

Publish Email Server through Checkpoint 2210 Firewall

We have a new Checkpoint 2210 firewall running Gaia R76 and I'm playing around learning how to use it (we had ISA Server 2004 before this).  My first challenge is publishing SMTP access to our mail server (Exchange 2003 running on Server 2003 Std).  This is our network:
   
    Internet -> Router (192.168.40.1) -> (192.168.40.2) Firewall (172.16.1.254) -> Mail Server (172.16.1.23)

We only have a single "real" Internet IP address for the whole company.

I setup a host node for the mail server (Savanah) and the firewall's external IP address (ADSL).  I then created an address range to cover our 172.16.0.0 network (Internal).  Then, I created 2 NAT rules:

    Source      Dest    Srv      Source     Dest        Srv
    Savanah   Any      Any     ADSL       Original   Original
    Any           ADSL   smtp   Original   Savanah  Original

I also created the policy rule:

    Source            Dest    Srv       Action   Track
    Not Internal   ADSL   smtp   accept   log

Finally, I installed the policy.  I can see in SmartView Tracker that packets are being accepted and that the XlateDest column shows that the destination IP address is being changed to Savanah.  But, attempts to connect are just timing out.  What am I missing?
0
CIPortAuthority
Asked:
CIPortAuthority
1 Solution
 
CIPortAuthorityAuthor Commented:
It turns out that the packets were getting through to the mail server but it had the wrong default gateway so nothing was getting back to the firewall. I was getting confused because I could ping the mail server from the firewall (and even Telnet to port 25) but couldn't get through from the Internet.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simple Misconfiguration =Network Vulnerability

In this technical webinar, AlgoSec will present several examples of common misconfigurations; including a basic device change, business application connectivity changes, and data center migrations. Learn best practices to protect your business from attack.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now