CheckPoint SmartDefense and SMTP

We have a firewall that has CheckPoint's SmartDefense features enabled. There appears to be an SMTP Server installed on the firewall that is preventing us from using SMTP Authentication. Attempting to connect to our SMTP Server from outside the firewall revealed that the SMTP Security Server in the firewall is handling external SMTP requests.

What is the best way to fix this problem? We've been unable to figure out how to turn off the SMTP Security Server so SMTP requests connect directly to our internal server. That might not be the best solution, but it might be our only option.

Reply to
Matt
Loading thread data ...

What version of Check Point are you using?

If you're using the external IP of the firewall as your SMTP server address, that would explain what you're seeing.

Security Servers have nothing to do with SmartDefense. Check through the Help for "resources" which is what Check Point calls their security servers. Usually they are turned of unless they're used in a rule. The cell in the rule will look "funny" because it will have an arrow thingy rather than just a word.

Ray

Reply to
JJ

and it is supposed to transparently forward the mails to your internal server. it's a first line defense for harvesting attacks, you can rewrite headers or strip script tags for instance.

why is it a problem?

delete/disable the resource and configure a regular nat/access rule for your smtp server. has nothing to do with smart defense.

M
Reply to
mak

First off, I have to admit I am not an expert on Firewalls, so bare with me if I say anything that reveals my ignorance.

NGX R60 (Build 418) is what I saw under Help -> About

My boss recently got an iPhone and was wanting to connect to our SMTP Server to send messages. No one has really ever needed to do this at our company before, so the fact that the Firewall was set to filter incoming SMTP requests was fine. The problem comes up because the firewall doesn't support the AUTH command, so when our internal SMTP server gets handed the SMTP commands, the AUTH command is not included and it is unable to relay messages because of our security policy.

We have been searching through the menus in CheckPoint and so far we have been unable to find anywhere that specifically enables this Security Server, let alone where we can turn it off.

thingy rather than just a word.

Our version obviously doesn't show that, because the server is definitely running, but there doesn't appear to any kind of special icon on the run. Currently my boss is just using his Earthlink SMTP to be able to send mail, but it would be nice to know why this feature is running.

Reply to
Matt

I wasn't aware of that, I would need more research...maybe ask and search here:

formatting link
I assume there is a way to tune that..

smart dashboard 3rd tab: resources (right click:where used) i'm not gonna delete mine now :-) I assume you have to disable all rules where it is used before you can delete it.

thingy rather than just a word.

looks like the "resource" symbol here..

ask the people who installed / configured your checkpoint... there might be a reason :-) M

Reply to
mak

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.