You can use an SMTP resource in the FW rules database and block all incoming
messages which don't belong to your domain. (Of course, if the MX record for your
domain name points to your FW external IP.)
I never use NAV, but we do testing for the eSafe gateway - it works perfectly with
our CheckPoint FW1 on SUN.

-----Original Message-----
From: Einhorn, Drew [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 10, 2000 11:05 AM
To: [EMAIL PROTECTED]
Subject: Checkpoint FW-1 & NAV


My boss recently hired some folks to come in and upgrade our Checkpoint FW-1
system to 4.1, including migration from an x86 Solaris box to NT 4.0 with
expanded licensing. They also added a box running Norton Antivirus for
Firewalls 1.5.

Since then I have been attempting to repair the damage they did.

Our remaining problems:  

    The installation broke our configuration to prevent our systems from
being used as a SPAM relay.  We were abused; lots of SPAM was forwarded
through our systems.

    Something is choking on moderate sized attachments.  The limit appears
to be somewhere between 500KB and 1MB.

If we disable the rule that diverts incoming smtp traffic and sends it to
the NAV box, everything works just fine.  Except we don't scan the incoming
mail for viruses.

I believe both problems are being caused by the mail proxy that Checkpoint
installs on the Firewall-1 box when traffic is diverted to NAV.

The limit on attachment size could be the NAV box.  It's hard to tell which
box is causing the problem.

After the NAV box checks the mail for malicious attachments, it returns the
message to the firewall, and the firewall sends the message on its way to the
"normal" internal mail server.  But the ip source address for the smtp
packets is now the ip address of the firewall internal interface.  It is no
longer the ip address of the external mail server.  This breaks the antispam
configuration of the internal mail server.  

Has anyone gotten Checkpoint FW-1 to successfully work with an external mail
virus checker?  

My boss wants to switch from Norton to McAfee, but I think it's a Checkpoint
problem, that probably won't go away.
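
An added example, not part of either message: a small Python model of the relay decision described in this thread. It shows why an internal server that grants relay by source address starts relaying once the firewall proxy rewrites the source, and how the recipient-domain filter suggested in the reply closes that gap. All addresses, domains and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values (documentation ranges and example domains).
LOCAL_DOMAINS = {"example.com"}                       # domains we accept mail for
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # hosts allowed to relay out
FW_INTERNAL_IP = "10.0.0.1"                           # firewall internal interface


def rcpt_domain(rcpt):
    """Return the lowercased domain part of an RCPT TO address."""
    return rcpt.rsplit("@", 1)[-1].strip("<> ").lower()


def internal_server_policy(peer_ip, rcpt):
    """Anti-relay rule on the internal mail server, keyed on the peer address.

    Local recipients are accepted from anyone; other recipients are relayed
    only when the connecting peer is inside a trusted network.
    """
    if rcpt_domain(rcpt) in LOCAL_DOMAINS:
        return "accept"
    peer = ipaddress.ip_address(peer_ip)
    return "relay" if any(peer in net for net in TRUSTED_NETS) else "reject"


def edge_recipient_filter(rcpt):
    """Inbound rule at the firewall: pass only recipients in our own domains."""
    return rcpt_domain(rcpt) in LOCAL_DOMAINS


def deliver(external_ip, rcpt, via_proxy, edge_filter):
    """Follow one inbound message and return the final decision.

    via_proxy:   the firewall proxy re-originates the SMTP session, so the
                 internal server sees FW_INTERNAL_IP instead of external_ip.
    edge_filter: the recipient-domain check is enforced at the firewall.
    """
    if edge_filter and not edge_recipient_filter(rcpt):
        return "reject-at-edge"
    peer_seen = FW_INTERNAL_IP if via_proxy else external_ip
    return internal_server_policy(peer_seen, rcpt)


if __name__ == "__main__":
    sender_ip, foreign, local = "203.0.113.7", "someone@other.example", "user@example.com"
    print("direct, no filter :", deliver(sender_ip, foreign, False, False))
    print("proxied, no filter:", deliver(sender_ip, foreign, True, False))
    print("proxied, filtered :", deliver(sender_ip, foreign, True, True))
    print("proxied, local    :", deliver(sender_ip, local, True, True))
```
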
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]