[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] problem firewall-1 and Esafe Protect Gateway

To: fw-1-mailinglist@lists.us.checkpoint.com
Subject: [FW1] problem firewall-1 and Esafe Protect Gateway
From: Jean PELE <pele@cereq.fr>
Date: Wed, 28 Apr 1999 11:27:03 +0100



1)
I used Esafe Protect Gateway installed on a windows NT 4.0 station (SP 3)
with Firewall-1 checkpoint (1.3 build 3072) on a Sun ultra sparc station.

The problem is : when the files scanned come back from Esafe Protect
Gateway all the IP source adresses become the IP adress of DMZ interface
of the firewall.

for instance: rule1= any workstation-smtp smtp->av-smtp accept long

With this rule if a message come from 193.3.2.2 and if i look my maillog
file on the workstation-smtp I see : relay=x.x.x.x which is the IP
adress of DMZ interface of the firewall. This is a real problem because
recently a spam attack came on my SMTP station using it as a relay and all
the mail messages relayed seem coming from my DMZ IP adress letting think
that i was the spammer.

In the same way and for the same reason with a rule2 like :
any any http->av-http accept long I cannot get statistics for my web
server.
I know I can in this case add a rule above the rule2 like :
any workstation-httpserver http accept to get the real source IP adresses
which connect to my web server, but I think it's not a real good way.

If I delete the rules above (that means not using Esafe Protect Gateway)
everything works well concerning the IP source adresses.

2)
Recently I installed Firewall-1 build 3083 (SP8).

And now with a rule : rule1= mystation station-smtp smtp->av-smtp accept
long, if I try to send a mail I get the message : could not connected to
"adress IP" (adress of the SMTP server), cause connection refused (10061).

If I delete the rule, everything works well.

Esafe Protect Gateway said me that It's not a Esafe problem but a
Firewall-1 configuration problem, because when I put the action2 of the
SMTP ressource to None the problem exits yet.

What's wrong in the configuration of the Firewall-1 ? Have you any idea ?

Waiting.

Thanks and regard.




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] Securemote NT next
Next by Date: [FW1] Norton Antivirus Live Update connections
Prev by thread: [FW1] Securemote NT next
Next by thread: [FW1] Norton Antivirus Live Update connections
Index(es):
- Date
- Thread