
[FW1] What ports are secure to open



Hello,
We have a fairly secure infrastructure at our site when it comes to services
that have been restricted on our firewall. However, there seems to be an
escalating demand to open up more ports from top management. These services
are not really a necessity - more like a luxury. However, the top management
don't really understand the security risks associated with opening up ports
on the firewall. Is there a site which tells you exactly what
vulnerabilities you expose your network to when you open up specific ports
(well known ports)? For instance, Real Audio, NNTP etc.


-----Original Message-----
From: Ivan More [mailto:[email protected]]
Sent: Monday, May 28, 2001 2:58 AM
To: Chris F
Cc: [email protected]
Subject: Re: [FW1] 2 mail servers through one FW-1



Hi,

Thanks Chris for your advice.

In the FW1 log, it shows emails coming to our valid
Internet IP and reject to our Internal IP.

In our previous config, the log will show that emails
to our valid IP on one line then another line showing
emails going to our internal IP after scanning by our
anti-virus server. 

But the above problem was 'solved' when we found that
we need to indicate which interface (internal IP
address not the valid IP of FW) from the FW-1 the
emails are coming from on the Exchange 2K mail server
(new setup).

BUT now, we get another error (reject)

agent mail dequeuer orig_from <[email protected]>
orig_to <[email protected]> from
<[email protected]> to <[email protected]>
reason <helo firewall> failed: 501 5.5.4 Invalid
Address.

Has anyone seen this error? Is this a FW-1 error or
is this an MS Exchange 2K error?

Cheers,
Ivan

--- Chris F <[email protected]> wrote:
> Hi Ivan,
> 
> What does it say in your FW1 log when Resource1
> fails?
> 
> Do you know what MXer incoming emails will be coming
> in from that will apply to Resource 1/ServerA? If so,
> perhaps try something like:
> 
> vendorMXers -- EmailSvrA -- SMTP
> Any -- EmailSvrB -- SMTPwithResource
> 
> That way, if FW1 is confused to multiple resource
> rules, you are just using one.
> 
> You probably don't have this luxury... if so, why
> don't you have ServerB just get all the email, then
> have it forward *@external-email.com to ServerA?
> 
> Or, some similar configuration. Just a thought.
> 
> I am surprised that your current setup does not work.
> Double check your Resource rules. Try temporarily
> disabling the Resource2 rule -- and see if ServerA
> will get mail.
> 
> Good Luck -- Chris
> 
> --- Ivan More <[email protected]> wrote:
> > 
> > Hi,
> > 
> > My mail seems to have got lost therefore I am sending
> > it again.
> > 
> > We have 2 email servers set up. One solely to return
> > emails from a particular vendor, the other to receive
> > emails from all others meant for our company.
> > 
> > Source     Destination       Services
> > Any        Email server A    SMTP with resource 1
> > Any        Email server B    SMTP with resource 2
> > 
> > Both the mail servers are NAT to our external IP.
> > 
> > SMTP with resource 1 - the match field in the SMTP
> > definition is set to allow only emails from
> > *@external-email.com (Sender) to email server A.
> > 
> > SMTP with resource 2 - the match field in the SMTP
> > definition is set to allow only emails intended for
> > our company *@our-email.com (recipient) Email server B.
> > 
> > After the above config, we could not receive any email
> > from *@external-email.com.
> > 
> > But we are able to receive any emails intended for
> > *@our-email.com.
> > 
> > 
> > Cheers,
> > Ivan

================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 