
Re: [FW-1] Outbound CVP



  1. Create a workstation object.
  2. You can name it smtp-server
  3. Under IP address put the IP address of the mail server.
  4. Go to NAT tab
  5. Choose automatically static translation.
  6. Put the outside (legal) IP address by which this server will be known from the Internet.
  7. Under Install on choose the firewall object.
  8. Create another workstation object
  9. You can name it SMTP_Server_Legal
  10. Under IP address put the IP address you entered on 6.
  11. Create a group object
  12. Name it SMTP or Mail.
  13. Include both objects in this group (smtp-server and SMTP_Server_Legal).
  14. On the Rule base create a rule as:
    1. SMTP   Any      SMTP   Accept  Long
  15. For anti-spoofing you need to create another group (Internal-spoof) and include your internal network object and the workstation object SMTP_Server_Legal.
  16. Edit the firewall object.
  17. Go to Interface tab
  18. Choose internal interface
  19. Choose Edit
  20. Under Valid Address select specific and include Internal-spoof object on the list.
  21. Press ok, ok.
  22. Now you will need to create a proxy ARP entry so the firewall's external interface can respond to requests for the SMTP_Server_Legal IP address from the Internet.
  23. If you are using Windows NT, create a file named local.arp in c:\winnt\fw\state\local.arp.
  24. Put the external IP address (SMTP_Server_Legal) and the MAC address of the external interface of the firewall. You can get this by using the ipconfig /all command.
  25. Now create a static route for the SMTP server as route add SMTP_Server_Legal Internal IP Address of SMTP-Server -p.
  26. Re-install the Security Policy.
  27. Now verify everything is working.
  28. You may need to add another rule allowing SMTP traffic from the Internet to the mail server. It all depends on your security policy needs/requirements.

 

This of course is assuming your mail server behind the firewall is not using a legal IP address.

 

Carlos Roque

Network Consultant

CCSA

GlobalNetwork Technology Services, L.A.

 

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]]On Behalf Of Devon Harding - GTHLA
Sent: Monday, April 15, 2002 8:11 AM
To: [email protected]
Subject: Re: [FW-1] Outbound CVP

 

SMTP to the Internet...

 

-----Original Message-----
From: Carlos Roque [mailto:[email protected]]
Sent: Wednesday, April 10, 2002 5:14 PM
To: [email protected]
Subject: Re: [FW-1] Outbound CVP

 

Can you explain what you mean by outbound?

 

1.       SMTP coming from the Internet?

2.       SMTP going out to the Internet?

 

Carlos Roque

Network Consultant

CCSA

GlobalNetwork Technology Services, L.A.

 

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]]On Behalf Of Devon Harding - GTHLA
Sent: Wednesday, April 10, 2002 3:27 PM
To: [email protected]
Subject: [FW-1] Outbound CVP

 

How do I set up a rule to allow outbound SMTP to my SMTP security server?

 

__________________

Devon Harding

System Administrator

Gilat Latin America

[email protected]


This e-mail is intended for the above named addressee(s), and may contain information which is confidential or privileged. If you are not the intended recipient, please inform us immediately: you should not copy or use this e-mail for any purpose nor disclose its contents to any person.

 



 