Amit,
I see a couple of things here (and I might be way
off...)
Is your firewall also your mail server? My guess is
no. For your SMTP server, create an object and
a rule just for it. This object can be static NATted.
Then you can change your rule(s) to be more
specific for your SMTP server. Reject the ident.
Then the next rule can be for SMTP traffic (not just
any protocol - SMTP).
As for your rules 2 & 3, doesn't rule 2 hide rule 3? Does
this actually compile?
Robert
--
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n F o o d S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>> "Amit Shani" <[EMAIL PROTECTED]> 8/20/00 4:18:22 AM >>>
>
>Hi all
>
>I have this problem with outgoing mail:
>I am using the ISP's outgoing mail server to send mail.
>When sending mail it takes a long time for the outgoing mail server to
>respond.
>Once responded it sends the mail efficiently and fast.
>I tried the following rules in the policy (each one on its own):
>
>   Source         Destination                     Service  Action
>   -------------  ------------------------------  -------  ------
>1. <SMTP Server>  <FW-1> (The LAN is NAT-Hide)    Ident    Reject
>
>2. <SMTP Server>  ALL                             ALL      Reject
>
>3. <SMTP Server>  ALL                             ALL      Accept
>
>** The log shows only Ident requests from the SMTP server **
>
>None of these rules could make the connection go as fast as it goes when
>connecting a standalone PC via Dial-Up to the same ISP and sending mail
>through the same server.
>The ISP says that the problem is with the FW rules but knows nothing about
>FireWalls to say what rule could cause this.
>
>Config:
>FW-1 v4.1 on NT4 sp5
>
>Please help - THANKS
>
>-- Amit
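
The rule-hiding question raised in the reply, worked through as an added example (not code from either poster or from FW-1): a first-match rule base with a check for rules that an earlier rule fully covers. The `Rule` type, the helper names and the `PROPOSED` layout (including the "LAN" source) are assumptions made for illustration.

```python
# Added example: first-match rule base with a hidden-rule check.
# Rule fields mirror the table in the quoted message; "ALL" is a wildcard.
from typing import List, NamedTuple, Optional, Tuple

class Rule(NamedTuple):
    num: int
    src: str
    dst: str
    svc: str
    action: str

def covers(general: str, specific: str) -> bool:
    """A field covers another if it is the wildcard or an exact match."""
    return general == "ALL" or general == specific

def hides(earlier: Rule, later: Rule) -> bool:
    """True when every packet matching `later` already matches `earlier`."""
    return (covers(earlier.src, later.src) and covers(earlier.dst, later.dst)
            and covers(earlier.svc, later.svc))

def hidden_rules(policy: List[Rule]) -> List[Tuple[int, int]]:
    """Return (hiding_rule, hidden_rule) number pairs, scanning top-down."""
    return [(e.num, l.num) for i, l in enumerate(policy)
            for e in policy[:i] if hides(e, l)]

def decide(policy: List[Rule], src: str, dst: str, svc: str) -> Optional[str]:
    """First matching rule wins; None means no rule matched."""
    for r in policy:
        if covers(r.src, src) and covers(r.dst, dst) and covers(r.svc, svc):
            return f"{r.action} (rule {r.num})"
    return None

# Rules 1-3 from the posted table, as if installed together.
POSTED = [
    Rule(1, "SMTP Server", "FW-1", "Ident", "Reject"),
    Rule(2, "SMTP Server", "ALL", "ALL", "Reject"),
    Rule(3, "SMTP Server", "ALL", "ALL", "Accept"),
]
# Assumed narrower layout: reject ident first, then accept only SMTP.
PROPOSED = [
    Rule(1, "SMTP Server", "FW-1", "Ident", "Reject"),
    Rule(2, "LAN", "SMTP Server", "SMTP", "Accept"),
]

if __name__ == "__main__":
    print(hidden_rules(POSTED))    # rule 3 can never match after rule 2
    print(hidden_rules(PROPOSED))  # no rule is shadowed
    print(decide(PROPOSED, "SMTP Server", "FW-1", "Ident"))
```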