CheckPoint Software Technologies LTD. FireWall-1 Version 3.0B Patch Level 3064 SMTP Security Server Quick Reference



Similar documents
Resolving problems with SMTP Security Server and CVP operating in Check Point NG

Docufide Client Installation Guide for Windows

Mail Server Scenarios and Configurations

LPR for Windows 95/98/Me/2000/XP TCP/IP Printing User s Guide. Rev. 03 (November, 2001)

Installing GFI MailEssentials

CheckPoint Software Technologies LTD. How to Configure Firewall-1 With Connect Control

Printing Options. Netgear FR114P Print Server Installation for Windows XP

Fundamentals of UNIX Lab Networking Commands (Estimated time: 45 min.)

DP-313 Wireless Print Server

Introduction. Before you begin. Installing efax from our CD-ROM. Installing efax after downloading from the internet

Escalation Server Documentation For Tele-Support HelpDesk Rev 5/29/2001

Network Printing In Windows 95/98/ME

1. Installation Overview

HL2170W Windows Network Connection Repair Instructions

Spam Marshall SpamWall Step-by-Step Installation Guide for Exchange 5.5

Lab Configuring Access Policies and DMZ Settings

Web based training for field technicians can be arranged by calling These Documents are required for a successful install:

Deploying BitDefender Client Security and BitDefender Windows Server Solutions

Installation Overview

Setup Guide. network support pc repairs web design graphic design Internet services spam filtering hosting sales programming

Understand Troubleshooting Methodology

Resolving H202 Errors (INTERNAL)

This article describes a detailed configuration example that demonstrates how to configure Cyberoam to provide the access of internal resources.

Sage HRMS 2014 Sage Employee Self Service Tech Installation Guide for Windows 2003, 2008, and October 2013

Sophos Anti-Virus for NetApp Storage Systems startup guide. Runs on Windows 2000 and later

CipherMail Gateway Quick Setup Guide

Configuring MassTransit Server to listen on ports less than 1024 using WaterRoof on Macintosh Workstations

Implementing Network Address Translation and Port Redirection in epipe

Netwatch Installation For Windows

Scan to Quick Setup Guide

Implementing Microsoft SQL Server 2008 Exercise Guide. Database by Design

POP3 Connector for Exchange - Configuration

Deploying BitDefender Client Security and BitDefender Windows Server Solutions

? Index. Introduction. 1 of 38 About the QMS Network Print Monitor for Windows NT

Installing GFI MailEssentials

Setting up Citrix XenServer for 2X VirtualDesktopServer Manual

Check Point Software Technologies LTD. Creating A Generic Service Proxy (GSP) Using Network Address Translation (NAT)

Security perimeter white paper. Configuring a security perimeter around JEP(S) with IIS SMTP

IBM i Version 7.2. Systems management Advanced job scheduler

Chapter 15: Advanced Networks

Overview... 1 Requirements Installing Roles and Features Creating SQL Server Database... 9 Setting Security Logins...

NovaBACKUP xsp Version 15.0 Upgrade Guide

Basic Exchange Setup Guide

700 Fox Glen Barrington, Illinois ph: [847] fx: [847]

DocuPrint C3290 FS Features Setup Guide

Sage HRMS 2012 Sage Employee Self Service. Technical Installation Guide for Windows Server 2003 and Windows Server 2008

LICENSE MANAGER VERSION 7.2. Procedures for Use of Sentinel LM7.2 Server for CHEMCAD. rev

TNote125 Student Locator Framework Notification Diagnostics

Configuration Manual

MailEnable Installation Guide

MFC8890DW Vista Network Connection Repair Instructions

Web File Management with SSH Secure Shell 3.2.3

PC Power Down. MSI Deployment Guide

GFI Product Manual. Administration and Configuration Manual

Migrating helpdesk to a new server

Network User's Guide for HL-2070N

Troubleshooting 920i / iqube Issues

How to install and use CrossTec Remote Control or SchoolVue in a Virtual and or Terminal Service environment

LPR for Windows 95 TCP/IP Printing User s Guide

Dell SupportAssist Version 2.0 for Dell OpenManage Essentials Quick Start Guide

Basic Exchange Setup Guide

OCS Training Workshop LAB14. Setup

shortcut Tap into learning NOW! Visit for a complete list of Short Cuts. Your Short Cut to Knowledge

Installing GFI MailSecurity

Configuring a Check Point FireWall-1 to SOHO IPSec Tunnel

REST Professional Network Troubleshooting Guide

Pearl Echo Installation Checklist

Cisco PIX vs. Checkpoint Firewall

Lab Configuring Access Policies and DMZ Settings

Gateways Using MDaemon 6.0

Transferring Your Internet Services

Install and Configure Oracle Outlook Connector

Firewall VPN Router. Quick Installation Guide M73-APO09-380

Exchange Migration Guide

Core Protection Suite

Step-by-step installation guide for monitoring untrusted servers using Operations Manager ( Part 3 of 3)

RAPID BROADBAND INSTALLATION RAPID BROADBAND SUPPORT CONTACT DETAILS. AND TROUBLESHOOTING GUIDE. Tel:

Installing Your Printer to Your Network for the First Time

CET442L Lab #2. IP Configuration and Network Traffic Analysis Lab

MailEnable Connector for Microsoft Outlook

FTP e TFTP. File transfer protocols PSA1

1 You will need the following items to get started:

Quick Scan Features Setup Guide

This document details the following four steps in setting up a Web Server (aka Internet Information Services -IIS) on Windows XP:

Compiled By: Chris Presland v th September. Revision History Phil Underwood v1.1

IMAPing 3.0 Administrator s Guide

Projetex 9 Workstation Setup Quick Start Guide 2012 Advanced International Translations

MFPConnect Monitoring. Monitoring with IPCheck Server Monitor. Integration Manual Version Edition 1

Monitor Print Popup for Mac. Product Manual.

ms-help://ms.technet.2005mar.1033/security/tnoffline/security/smbiz/winxp/fwgrppol...

V . Technical Notes Setting-up V and the SMTP Server Interface. Overview. Setting-up V

Installation Notes for Outpost Network Security (ONS) version 3.2

tpischeduler tpischeduler TotalFBO tpischeduler TotalFBO Initial Installation tpischeduler TotalFBO tpischeduler

Configuring Check Point VPN-1/FireWall-1 and SecuRemote Client with Avaya IP Softphone via NAT - Issue 1.0

Transcription:

CheckPoint Software Technologies LTD. FireWall-1 Version 3.0B Patch Level 3064 SMTP Security Server Quick Reference Authored By: Joe DiPietro CheckPoint Software Technologies LTD. Date Published: April 9, 1998 1

How to Setup the SMTP Resource The Following Diagram shows the general process for the SMTP Security Server Resource within Firewall-1 version 3.0B. If you don't already have patch 3064, please contact the reseller that you purchased Firewall-1 from and obtain this patch. From this Diagram, we will configure the components necessary to use the SMTP Security Server to Scrub Email's for Viruses and to forward them to the appropriate Mail Server after they have been cleaned. This document assumes you are familiar with Firewall-1. If not, please read the documentation that came with your CDROM, and other reference guides located at: http://www.checkpoint.com/~joe SMTP Email Process Mail Server 10.10.10.1 255.255.255.0 4 Firewall Sends Clean Email to the Email Server DMZ A Interface of Firewall 10.10.10.2 DMZ B Interface of Firewall 10.10.9.2 Firewall s External Interface or another valid Internet Address 192.192.192.192 1 Send Email to 192.192.192.192 Internet Email From Internet Address of12.3.2.1 to 192.192.192.192 3 Forward Email back to the Firewall 2 Scrub Email for Virus Anti Virus Server 10.10.9.1 Note: If you use another valid Internet Address, make sure to configure the firewall for "Proxy -ARP" for that IP Address. This is described in detail within the "Address Translation Guide" for version 3.0 under http://www.checkpoint.com/~joe. Steps to configure the SMTP Resource 1. Define an object with the Valid Internet Address of the Mail Server so people can send email's to this IP Address (192.192.192.192) 2. Define an object for the IP Address of the Mail Server (this assumes it is different from above. (10.10.10.1) 3. Define the object for the Anti Virus Server (10.10.9.1) 4. Define the "service" for the Anti Virus Server 5. Define the SMTP Resource 6. Define the Rule with the SMTP Resource to allow Email's to be "cleaned" for Viruses 7. Validate the Email Transfer works properly 8. Troubleshoot if necessary 2

1. Define the network object of the valid address of the mail server to the Internet. This could be the outside interface of the Firewall as well. Manage Network Objects New Workstation 2. Define the network object of the Mail Server as follows: Manage Network Objects New Workstation 3. Define the network object of the Anti- Virus Server as follows: Manage Network Objects New Workstation 3

4. Define the Anti-Virus Service Manage Servers New CVP Name Host Service = av-scrub = anti-virus = FW1_cvp 5. Define the SMTP Resource as follows: Manage Resources New SMTP Name = inbound-mail Mail Server = 10.10.10.1 Exception Track = log Now Select the "Action 2" Tab Select the previously defined av-scrub as the Anti Virus Server And "Cure" viruses Click OK 6. Now Write the appropriate rulebase to allow the SMTP to be forwarded and scrubbed by the antivirus server. 4

Select the destination of the valid-mailhost, with the service of SMTP with the resource of inbound-mail, and the action of Accept. 7. Validate the above configuration works by looking in the Log files to validate that the SMTP is being accepted and forwarded on to the Anti Virus machine and then to the Email Server. Trouble Shooting The Overview of the SMTP Security Server is shown below. If you have a problem, there are three places where the system may not be working. They are the following: 1. Connection between the Email Client and the Firewall SMTP Security Server 2. Connection between the Firewall Mail Dequeuer and the Anti Virus Server 3. Connection between the Firewall Mail Dequeuer and the Final Email Server SMTP Security Server Email Firewall Firewall puts Email into the Incoming Queue and Names them beginning with a T T-Email Queue Process Firewall renames the email to a temporary file T filename and waits SMTP_SLEEP seconds before it renames the file to R filename which indicates it is in a ready state to be De-queued. Note: you can set this variable to a longer period to see if the file gets into the queue. This will allow you to copy the T email into another directory and examine it s contents. This will make the SMTP Server run slower. Set the Environment Variable and then perform the following Command: fw kill fwd; fwd Once the Email has a ready state value, the Dequeuer can then forward this on to the Anti Virus Server if configured R-Email De-Queue Process Anti Virus Server will Scrub the Email and forward it back to the Firewall Anti Virus Server Anti Virus Server The Email is now ready to be forwarded to the Email Server 5

Troubleshooting Step 1. 1. Always look in the log file to see if the email connection is accepted from the appropriate rule in the rulebase. In our case, rule number 1 should have accepted the SMTP Connection to the Valid-Mailhost. Also check the "Info" portion of the log file. This is where the connection is described in more details. 2. Make sure the email has completed the queuing process and has a name of "T " under the spool directory. This should be located under the default installation directory of: Windows NT = \winnt\fw\spool Unix = /etc/fw/spool 3. If there is no file in this directory after the email has been sent by the client, and the log file tells us that the SMTP Connection has been accepted, make sure the SMTP Security Server has been configured. Validate this by running the following: Windows NT = \winnt\fw\bin\fwconfig Unix = /etc/fw/bin/fwconfig Make sure the SMTP Security Server is "checked" to start with the other Firewall Security Servers. This will place a "asmtpd" entry into the \winnt\fw\conf\fwauthd.conf file as follows (Unx = /etc/fw/conf/fwauthd.conf) C:\WINNT\FW\conf>type fwauthd.conf 259 aclientd wait 259 23 atelnetd wait 0 21 aftpd wait 0 80 ahttpd wait 0 513 arlogind wait 0 25 asmtpd wait 0 10081 lhttpd wait 0 C:\WINNT\FW\conf> 4. Run telnet to the Valid-Mailhost on port 25 to see if the SMTP Security Server works OK. On Windows 95/NT use the telnet client as follows: On Unix type in the following: telnet 192.192.192.192. 25 Enter the command "help" or "?" to see FW-1 smtp server replies. 5. Some additional tracing info may be in your \winnt\fw\log\asmtpd.log or /etc/fw/log/asmtpd.log. 6

Troubleshooting Step 2. 1. Make sure the firewall can ping the Anti Virus server for connectivity. 2. If this is successful, then see if the Anti Virus software has received an email from the Firewall. This will tell you if the Firewall has accepted the email from the client, queued it, renamed the email and forwarded this on to the Anti Virus Server. 3. Validate that the Proper CVP ports are configured on the Anti Virus Machine and the Firewall Resource. This is done in Step 4 above. By Default the FW1_cvp is using port 18181. 4. Use a packet sniffer, or the "Snoop" command in Unix or the Network Monitor Agent in NT to see if the Firewall dequeuer has any communication with the Anti Virus Machine. Troubleshooting Step 3. 1. Make sure you can ping the final Email Server 2. Try and use the SMTP Resource without the Anti Virus Server defined in the configuration step 5B above. Now download the Security Policy to the firewall again and see if the Email will pass from the Queuer to the Dequeuer and then on to the Email Server. If this is OK, then the process is not working correctly in step 2. 3. Try and telnet from the firewall to the final Email Server on port 25 to see if you can make a connection. This will tell you if the SMTP process on the Email Server is configured and active, so that the Dequeuer can forward the emails to the Email Server. 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information