I think I have had a similar issue. Here is what I did. This is on a Nokia but you should be able to convert.
1. Created an ARP entry on the firewall platform for the external address.
2. Create a static route on the firewall platform pointing from the external address to the internal address or the next nearest router/gateway if on a subnet.
3. In Checkpoint create an object for the external interface.
4. Create an object for the Internal Interface.
5. Create a rule which says Any-->External-->SMTP(etc)-->Allow
6. Create a rule which says Internal-->Any-->SMTP (etc)-->Allow
7. Create a NAT Rule Internal-->Original-- Original||External-->Internal-->Original
8. Create a NAT Rule Original-->External-- Original||Original-->Internal-->Original

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED]] On Behalf Of Trent Libby
Sent: 19 September 2002 14:33
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] RES: [FW-1] Static NAT problems on a Win2K SP3 Server with FW-1 NG FP1

Ok, I guess I can see how that may work, but why would I need to do that when I can hook up a regular Broadband router and SMTP traffic goes through fine. It seems to me that something in the Firewall is not working properly, but I just cannot seem to find what it is.

Trent Libby

-----Original Message-----
From: Fabricio Simão [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 19, 2002 6:54 AM
To: [EMAIL PROTECTED]
Subject: [FW-1] RES: [FW-1] Static NAT problems on a Win2K SP3 Server with FW-1 NG FP1

Hi Trent,

I had the same problem on a customer and we solved it by putting a static route for the valid SMTP server on the Internet router.

Fabricio

-----Original Message-----
From: Trent Libby [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 18, 2002 12:00
To: [EMAIL PROTECTED]
Subject: [FW-1] Static NAT problems on a Win2K SP3 Server with FW-1 NG FP1

I have been having some major problems trying to get my Static NAT to work on my Win2K Server. This static NAT is set up for my SMTP server, but everything I try to do does not seem to work.
I originally set it up with the Automatic NAT and ARP, but that was not working. After a little research I found a Sample Configuration with NAT on Phoneboy.com. I followed what he was telling me, but for some reason it would not route through my server. I checked the Logs and there was no SMTP traffic even touching the server. I could ping the external IP with no problems from the outside though. Not sure why the SMTP traffic would not hit the Firewall though. I then did a bit more research and found that I might try to add the External IP of my SMTP server to my External interface through advanced properties. After I did this SMTP traffic would hit the firewall, but it would still not route to my internal SMTP server. I sent some test mails and all of them failed. When I got the failed message it said it failed due to relay not being enabled on the server. What am I missing to get this thing to route traffic to the inside? If anyone has some ideas please let me know as I really need to get this up and going for my customer. 
Trent Libby

=================================================
To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [EMAIL PROTECTED]
=================================================
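
An added example, not part of any message in this thread: a simplified Python model of the inbound checks behind steps 1, 2, 5 and 8 of the procedure at the top, reporting the first stage at which an SMTP packet to the published address stops. The addresses, the class and function names, and the order in which the model applies the checks are assumptions made for illustration, not FW-1 internals.

```python
from dataclasses import dataclass, field

EXTERNAL = "203.0.113.25"  # constructed public address for the SMTP server
INTERNAL = "10.0.0.25"     # constructed real address of the SMTP server

@dataclass
class Firewall:
    proxy_arp: set = field(default_factory=set)  # step 1: addresses answered in ARP
    routes: dict = field(default_factory=dict)   # step 2: destination -> next hop
    accept: set = field(default_factory=set)     # step 5: allowed (destination, port)
    dst_nat: dict = field(default_factory=dict)  # step 8: external -> internal

def trace_inbound(fw, dst, port):
    """Walk one inbound packet through the model; return (stage, note)."""
    if dst not in fw.proxy_arp:
        return "arp", "no ARP reply, so nothing reaches the firewall or its log"
    if (dst, port) not in fw.accept:
        return "rule", "packet arrives and the rule base drops it"
    if dst not in fw.routes:
        return "route", "accepted, but no host route points the address inward"
    if dst not in fw.dst_nat:
        return "nat", "sent inward with the external destination untranslated"
    return "delivered", f"{dst}:{port} rewritten to {fw.dst_nat[dst]}:{port} via {fw.routes[dst]}"

def build(steps):
    """Apply only the listed step numbers of the procedure to an empty firewall."""
    fw = Firewall()
    if 1 in steps:
        fw.proxy_arp.add(EXTERNAL)
    if 2 in steps:
        fw.routes[EXTERNAL] = INTERNAL
    if 5 in steps:
        fw.accept.add((EXTERNAL, 25))
    if 8 in steps:
        fw.dst_nat[EXTERNAL] = INTERNAL
    return fw

def first_failure(steps):
    """Stage name at which SMTP to the published address stops."""
    return trace_inbound(build(steps), EXTERNAL, 25)[0]

if __name__ == "__main__":
    for done in ([], [1], [1, 5], [1, 2, 5], [1, 2, 5, 8]):
        stage, note = trace_inbound(build(done), EXTERNAL, 25)
        print(f"steps {done}: {stage}: {note}")
```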
