There are no differencies in processing mails between NG FP3 and R61 as far I know. (I did several upgradesto R61 with no changes to SMTP settings). It must be some access control setting mismatch:.
- check IP address of FW object in General tab (it has to be equal to MX record IP) - check other settings in resource - check if FW is answering on traffic to port 25 - try with some manual telnet session to port 25 from outside world and check where have you been disconnected (PC connected to internet, CMD window, telnet <IP address of FW> 25, helo aaa, mail from:....) - create new "test" resource with the same settings for mail delivery but with only " * " in match tab and use it for test in rulebase in new rule (disable / delete it later). I hope that you will find something usefull AndrejS -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Jason Ebersole Sent: Friday, August 04, 2006 9:47 PM To: [email protected] Subject: [FW-1] NGX and SMTP Hello, I am currently running NG FP3 Enterprise on SecurePlatform. I took a spare PC and installed NG FP3 and duplicated the configuration by installing all the same patches and "restoring" from a "backup all" file, then I upgraded to NGX R61 Pro, not Express or Edge (which went very well). I then temporarily pulled the production box running NG FP3 and put the test box running NGX in it's place. Everything seemed to be working fine, including a SecuRemote user a few states away running an old client, but mail coming in from the outside would not get through to my Exchange server. Here is how I have NG FP3 configured to get mail to my Exchange Server: Source Destination If Via Service Action Any firewall any smtp->resource accept In the smtp->resource: General tab: I have the ip address of my internal Exchange Server in the Mail Delivery Server field. This config works great in NG FP3. The Tracker Log shows the email coming into the firewall, but it is being "rejected" for Content Security by Standard Rule #23, which is my last ANY ANY DROP rule. I nosed around in the SmartDefense configuration but didn't see anything obvious, but could easily have missed something being that I was in a hurry to figure it out (which I didn't) and get the production box back in place. I'm guessing there is a completely different way to spool mail on my gateway, then send it to my internal mail server, for NGX R61. Regards, Jason ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
