CheckPoint SmartDefense and SMTP

on 28.08.2007 21:44:55 by matt

We have a firewall that has CheckPoint's SmartDefense features
enabled. There appears to be an SMTP Server installed on the firewall
that is preventing us from using SMTP Authentication. Attempting to
connect to our SMTP Server from outside the firewall revealed that the
SMTP Security Server in the firewall is handling external SMTP
requests.

What is the best way to fix this problem? We've been unable to figure
out how to turn off the SMTP Security Server so SMTP requests connect
directly to our internal server. That might not be the best solution,
but it might be our only option.

Re: CheckPoint SmartDefense and SMTP

on 29.08.2007 03:01:31 by jj

What version of Check Point are you using?

If you're using the external IP of the firewall as your SMTP server address,
that would explain what you're seeing.

Security Servers have nothing to do with SmartDefense. Check through the
Help for "resources" which is what Check Point calls their security servers.
Usually they are turned off unless they're used in a rule. The cell in the
rule will look "funny" because it will have an arrow thingy rather than just
a word.

Ray

"Matt" wrote in message
news:1188330295.328991.71580@19g2000hsx.googlegroups.com...
> We have a firewall that has CheckPoint's SmartDefense features
> enabled. There appears to be an SMTP Server installed on the firewall
> that is preventing us from using SMTP Authentication. Attempting to
> connect to our SMTP Server from outside the firewall revealed that the
> SMTP Security Server in the firewall is handling external SMTP
> requests.
>
> What is the best way to fix this problem? We've been unable to figure
> out how to turn off the SMTP Security Server so SMTP requests connect
> directly to our internal server. That might not be the best solution,
> but it might be our only option.
>

Re: CheckPoint SmartDefense and SMTP

on 29.08.2007 08:29:41 by Mak

Matt wrote:
> We have a firewall that has CheckPoint's SmartDefense features
> enabled. There appears to be an SMTP Server installed on the firewall
> that is preventing us from using SMTP Authentication. Attempting to
> connect to our SMTP Server from outside the firewall revealed that the
> SMTP Security Server in the firewall is handling external SMTP
> requests.

and it is supposed to transparently forward the mails to your internal server.
it's a first line defense for harvesting attacks, you can rewrite headers or strip script tags for instance.

> What is the best way to fix this problem?

why is it a problem?

> We've been unable to figure
> out how to turn off the SMTP Security Server so SMTP requests connect
> directly to our internal server. That might not be the best solution,
> but it might be our only option.
>

delete/disable the resource and configure a regular nat/access rule for your smtp server.
has nothing to do with smart defense.


M

Re: CheckPoint SmartDefense and SMTP

on 29.08.2007 15:46:42 by matt

First off, I have to admit I am not an expert on Firewalls, so bear
with me if I say anything that reveals my ignorance.

> JJ: What version of Check Point are you using?

NGX R60 (Build 418) is what I saw under Help -> About

> mak: why is it a problem?

My boss recently got an iPhone and was wanting to connect to our SMTP
Server to send messages. No one has really ever needed to do this at
our company before, so the fact that the Firewall was set to filter
incoming SMTP requests was fine. The problem comes up because the
firewall doesn't support the AUTH command, so when our internal SMTP
server gets handed the SMTP commands, the AUTH command is not included
and it is unable to relay messages because of our security policy.

We have been searching through the menus in CheckPoint and so far we
have been unable to find anywhere that specifically enables this
Security Server, let alone where we can turn it off.

> JJ: The cell in the rule will look "funny" because it will have an arrow thingy rather than just a word.

Our version obviously doesn't show that, because the server is
definitely running, but there doesn't appear to be any kind of special
icon on the run. Currently my boss is just using his Earthlink SMTP
to be able to send mail, but it would be nice to know why this feature
is running.
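The symptom described in this post (AUTH missing on the path through the firewall) can be confirmed by comparing the EHLO reply seen from inside the network with the one seen from outside. The following is an added example, not part of the original thread; the two sample replies and their hostnames are constructed placeholders, and `parse_ehlo` and `compare_views` are hypothetical helper names.

```python
import re

# Constructed sample replies (not from the poster's network); placeholder hosts.
EHLO_INSIDE = (
    "250-mail.example.internal Hello client\r\n"
    "250-AUTH LOGIN PLAIN\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
EHLO_OUTSIDE = (
    "250-gateway.example.com Hello client\r\n"
    "250 8BITMIME\r\n"
)
_REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_ehlo(reply):
    """Parse a raw multi-line EHLO reply into (greeting_domain, extensions)."""
    lines = [ln for ln in reply.replace("\r\n", "\n").split("\n") if ln]
    if not lines:
        raise ValueError("empty EHLO reply")
    texts = []
    for i, line in enumerate(lines):
        m = _REPLY_LINE.match(line)
        if not m or m.group(1) != "250":
            raise ValueError(f"not a 250 reply line: {line!r}")
        # "250-" marks a continuation line, "250 " the final line.
        if (m.group(2) == " ") != (i == len(lines) - 1):
            raise ValueError(f"bad continuation marker: {line!r}")
        texts.append(m.group(3))
    domain = texts[0].split()[0] if texts[0].split() else ""
    extensions = {}
    for text in texts[1:]:
        parts = text.split()
        if parts:
            # Some older servers advertise "AUTH=LOGIN PLAIN".
            key, _, first = parts[0].partition("=")
            extensions[key.upper()] = ([first] if first else []) + parts[1:]
    return domain, extensions

def compare_views(inside_reply, outside_reply):
    """Report which extensions the outside path hides relative to the inside."""
    in_dom, in_ext = parse_ehlo(inside_reply)
    out_dom, out_ext = parse_ehlo(outside_reply)
    return {
        "same_greeting": in_dom.lower() == out_dom.lower(),
        "missing_outside": sorted(set(in_ext) - set(out_ext)),
        "auth_outside": "AUTH" in out_ext,
        "auth_mechs_inside": in_ext.get("AUTH", []),
    }
```

A different greeting domain together with a non-empty `missing_outside` list indicates that an intermediary, rather than the internal mail server, is answering external connections.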

Re: CheckPoint SmartDefense and SMTP

on 29.08.2007 16:34:25 by Mak

Matt wrote:
> First off, I have to admit I am not an expert on Firewalls, so bear
> with me if I say anything that reveals my ignorance.
>
>> JJ: What version of Check Point are you using?
>
> NGX R60 (Build 418) is what I saw under Help -> About
>
>> mak: why is it a problem?
>
> My boss recently got an iPhone and was wanting to connect to our SMTP
> Server to send messages. No one has really ever needed to do this at
> our company before, so the fact that the Firewall was set to filter
> incoming SMTP requests was fine. The problem comes up because the
> firewall doesn't support the AUTH command,

I wasn't aware of that, I would need more research...maybe ask and search here:
http://www.cpug.org/forums/

I assume there is a way to tune that..

> so when our internal SMTP
> server gets handed the SMTP commands, the AUTH command is not included
> and it is unable to relay messages because of our security policy.
>
> We have been searching through the menus in CheckPoint and so far we
> have been unable to find anywhere that specifically enables this
> Security Server, let alone where we can turn it off.

smart dashboard 3rd tab: resources (right click:where used)
i'm not gonna delete mine now :-)
I assume you have to disable all rules where it is used before you can delete it.

>> JJ: The cell in the rule will look "funny" because it will have an arrow thingy rather than just a word.
>
> Our version obviously doesn't show that, because the server is
> definitely running, but there doesn't appear to be any kind of special
> icon on the run.

looks like the "resource" symbol here..

> Currently my boss is just using his Earthlink SMTP
> to be able to send mail, but it would be nice to know why this feature
> is running.

ask the people who installed / configured your checkpoint...
there might be a reason :-)
M