I have resolved a problem I had with SR but now find that unless the client can do a key exchange using IKE to the firewall it does not connect. The client sits saying "Exchanging Keys" and then errors out.

I am using SR build 4157 - the most recent I think, talking to Checkpoint 2000. I am using IKE with VPN-1 username/password authentication.

I downloaded the topology while on an internal network with a rule permitting some clients to connect directly to the firewall. No problem there.

Dialing in from outside with the LAN card disabled I get a connection failed error with log entries in the FW log indicating that it is refusing IKE port connections because of my "Any, FW, Any Any Drop" rule. I have a rule preceding that that permits "SRUsers@Any, MyNet, Any, Client Encrypt" which is what I understand was all that is necessary to get SR clients working.

It works if I add a rule that says "Any, Firewall, IKE, Accept". I don't like that but appear to have no option.

Anyone got any ideas?

Jim

Ryan Finnesey wrote:
>
> Is this the same thing as Mail Proxy in Firewall 4.1. Because I am running
> 4.0 soon to be 4.1 on a Sun box. I need something to take the mail from the
> Internet and pass it to the Exchange Server that is on the LAN. What is the
> best thing to use ?
>
> Ryan V. Finnesey
> Network Administrator
> @tmosphere Interactive
> 1375 Broadway, 11th floor
> New York, NY 10018
> 212 827 2507 phone
> 212 827 2525 fax
> [EMAIL PROTECTED]
>
> -----Original Message-----
> From: Olaf Selke [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, June 20, 2000 2:23 PM
> To: [EMAIL PROTECTED]
> Subject: [FW1] 4.1 smtp security server not fully rfc821 compliant,
> <#@[]> 'invalid address syntax'
>
> platform: 4.1 SP1+Hotfix 41603 [VPN + DES + STRONG], Solaris 7
>
> hi list,
> it looks like the fw-1 smtp security server isn't fully RFC821
> compliant. Mails with a sender address <#@[]> are accepted by the smtp
> security server with a reply code '250 Ok'. This means according to RFC821
> everything is fine: "250 Requested mail action okay, completed".
> Nevertheless they are not delivered to the final destination
> by the fw-1 mail dequeuer.
>
> The trouble is caused by the fw-1 mail dequeuer which logs
> "failed: 553 Invalid address syntax" and drops the mail silently! This
> means bounces (<#@[]> usually are bounces) do vanish on the firewall
> system without notice. My customer doesn't really like the idea that
> mails are vanishing on his firewall system. <#@[]> is supposed to be
> a valid address.
>
> Attached you'll find some verbatim stuff documenting in more detail
> what I'm talking about.
>
> Olaf
> --
> Olaf Selke, [EMAIL PROTECTED], voice +49 5241 80-7069
>
> ======= the sender <#@[]> is accepted and confirmed with code 250 ======
>
> root@mx [/] >>telnet internal 25
> Trying ...
> Connected to internal.mediaways.net.
> Escape character is '^]'.
> 220 CheckPoint FireWall-1 secure SMTP server
> mail from: <#@[]>
> 250 <#@[]>... Sender ok
> rcpt to: <[EMAIL PROTECTED]>
> 250 <[EMAIL PROTECTED] Recipient ok
> data
> 354 Enter mail, end with "." on a line by itself
> test with <#@[]>

--
Jim Shaw                     Email: [EMAIL PROTECTED]
Optimation NZ Ltd,           DDI: +64-4-470-5831
P.O. Box 10616,              Ph: +64-4-472-7218
Level 2, Optimation House,   Fax: +64-4-472-7219
1 Grey Street,               Web: http://www.optimation.co.nz
Wellington, New Zealand
