[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Firewall log not consistant with rule base.

To: "'[email protected]'" <[email protected]>
Subject: RE: [FW1] Firewall log not consistant with rule base.
From: "David E. Hoobler Jr." <[email protected]>
Date: Tue, 5 Sep 2000 13:38:51 -0500
Sender: [email protected]


I have two rules that are referenced in the log file:

Number		Source		Destination	Service
Action	Track	Install On	Time
1		Any		"mail server"	smtp->SMTPscan (service
with resource)		Accept	Long	Gateways	Any
2		"mail server"	Any	SMTP	smtp->SMTPscan
Accept	Long	Gateways	Any

The resource is eSafe Protect Gateway configured as a CVP server.

There are entries in the log file that reference rule number 1.  The
action is "Reject".  The Info field contains: "Error notification:
originally orig_from <sender> orig_to <recipient> from <sender> to
<recipient>...  The action for the rule is Accept, not Rject.

There are entries in the log file that reference rule number 2.  The
action is also "Reject".  the info field contains: "agent mail dequeuer
orig_from...

It is not clear to me how a rule that has as its action "accept" can
generate a "Reject" in the log file.  Has any one else seen this?  It is
also not clear to me how this can only affect a few sites.  Most of my
E-mail is getting through, including this message.

Thanks,
David Hoobler


 -----Original Message-----
From: 	Ilya Akinfiev [mailto:[email protected]] 
Sent:	Friday, September 01, 2000 10:19 PM
To:	'David E. Hoobler Jr.'
Subject:	RE: [FW1] Firewall log not consistant with rule base.

what is in the 'info' field of the rejection msgs? is the esafe process
up
and running? are you using opsec authentication?

just a few things to look for

cheers
ilya

-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of
David E. Hoobler Jr.
Sent: Friday, September 01, 2000 3:11 PM
To: [email protected]
Subject: [FW1] Firewall log not consistant with rule base.



I am getting SMTP rejections from a rule that has its action as
"Accept".  I am scanning inbound and outbound messages for viruses with
E-safe.  There are several sites that  can not send to.  All SMTP
packets are reported as rejected in the log.

Pulling my hair out in Houston,
David Hoobler



========================================================================
====
====
     To unsubscribe from this mailing list, please see the instructions
at
               http://www.checkpoint.com/services/mailing.html
========================================================================
====
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] Question about the whole SecuRemote/NAT Issue
Next by Date: RE: [FW1] gateway connected to both endpoints scheme
Prev by thread: RE: [FW1] Question about the whole SecuRemote/NAT Issue
Next by thread: [FW1] Accept VPN-1 & Firewall-1 control connection (4.0 vs 4.1SP2)
Index(es):
- Date
- Thread