We have a firewall that has CheckPoint's SmartDefense features enabled. There appears to be an SMTP Server installed on the firewall that is preventing us from using SMTP Authentication. Attempting to connect to our SMTP Server from outside the firewall revealed that the SMTP Security Server in the firewall is handling external SMTP requests.
What is the best way to fix this problem? We've been unable to figure out how to turn off the SMTP Security Server so SMTP requests connect directly to our internal server. That might not be the best solution, but it might be our only option.
If you're using the external IP of the firewall as your SMTP server address, that would explain what you're seeing.
Security Servers have nothing to do with SmartDefense. Check through the Help for "resources" which is what Check Point calls their security servers. Usually they are turned of unless they're used in a rule. The cell in the rule will look "funny" because it will have an arrow thingy rather than just a word.
First off, I have to admit I am not an expert on Firewalls, so bare with me if I say anything that reveals my ignorance.
NGX R60 (Build 418) is what I saw under Help -> About
My boss recently got an iPhone and was wanting to connect to our SMTP Server to send messages. No one has really ever needed to do this at our company before, so the fact that the Firewall was set to filter incoming SMTP requests was fine. The problem comes up because the firewall doesn't support the AUTH command, so when our internal SMTP server gets handed the SMTP commands, the AUTH command is not included and it is unable to relay messages because of our security policy.
We have been searching through the menus in CheckPoint and so far we have been unable to find anywhere that specifically enables this Security Server, let alone where we can turn it off.
thingy rather than just a word.
Our version obviously doesn't show that, because the server is definitely running, but there doesn't appear to any kind of special icon on the run. Currently my boss is just using his Earthlink SMTP to be able to send mail, but it would be nice to know why this feature is running.