Exchange 5.5 to 2000. . . hmmmm, let's see, it's 2004, right? Checkpoint 4.1 SP4. . . hmmm, let's see. . . suggestions? Upgrade sooner.
In the meantime, in addition to the static nat you will need a static host route mapping your legal IP to your internal. You will also need an arp getting out to your gateway router or a static host route on your router pointing at the firewall for the route to your natted host. If external connection attempts are showing up in your logs you probably have the latter working. How do you know connects are getting blocked by rule 0? How are they being logged. If you are not seeing them turn on rule 0 loggin in global properties. If you have the static route, you are getting arps out to your router, and you are seeing drops in your logs, check your anti spoofing. Troubleshoot this as a standard IP packet forwarding problem between networks and it will make it easier. Try a connect attempt and see if it is arriving on your external interface. Check your logs, and then check your internal interfaces and target host interfaces to see if packets are getting forwarded correctly. Another suggestion welcome? OWA on your internal network? Patch, patch, patch. Keep your OS patched. Keep your IIS patched. Keep updates going on your clients. Keep an updated anti virus software running on Exchange AND ALL clients. Get some good meds from your doctor. Hal > -----Original Message----- > From: Gary Smith [mailto:[EMAIL PROTECTED] > Sent: Monday, October 04, 2004 12:34 PM > To: [EMAIL PROTECTED] > Subject: [FW-1] Checpoint 4.1 SP4 > > > I have just upgraded exchange 5.5 to Exchange 2000. With this I have > lost OWA 5.5 in my DMZ as Ex2K comes with it as part the exchange > install and will not work with OWA 5.5. I am using HIDE NAT for my > internal LAN. How can I enable http/https access to my internal mail > server hosting OWA for outside. I tried to STATIC NAT the mail server > with a public ip but seem to be getting blocked on Rule 0. I know this > is not the best configuration for exchange but we are a small > shop and I > do not have enough available servers to be moving the mail > server to the > DMZ. > Any suggestions would be most welcome. > > Thanks > > > > > > > > > > > > > > > > > > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
