1. Create a workstation object.
2. You can name it smtp-server.
3. Under IP address put the IP address of the mail server.
4. Go to the NAT tab.
5. Choose automatic static translation.
6. Put the outside (legal) IP address this server will be known from the Internet.
7. Under Install On choose the firewall object.
8. Create another workstation object.
9. You can name it SMTP_Server_Legal.
10. Under IP address put the IP address you entered in step 6.
11. Create a group object.
12. Name it SMTP or Mail.
13. Include both objects in this group (smtp-server and SMTP_Server_Legal).
14. On the Rule base create a rule as:
    SMTP Any SMTP Accept Long
15. For anti-spoofing you need to create another group (Internal-spoof) and include your internal network object and the workstation object SMTP_Server_Legal.
16. Edit the firewall object.
17. Go to the Interface tab.
18. Choose the internal interface.
19. Choose Edit.
20. Under Valid Address select Specific and include the Internal-spoof object on the list.
21. Press OK, OK.
22. Now you will need to create proxy ARP so the firewall external interface can respond to requests to the SMTP_Server_Legal IP address from the Internet.
23. If you are using Windows NT, create a file named local.arp in c:\winnt\fw\state\local.arp.
24. Put the external IP address (SMTP_Server_Legal) and the MAC address of the external interface of the firewall. You can get this by using the ipconfig /all command.
25. Now create a static route for the SMTP server as route add SMTP_Server_Legal Internal IP Address of SMTP-Server -p.
26. Re-install the Security Policy.
27. Now verify everything is working.
28. You may need to add another rule allowing SMTP traffic from the Internet to the mail server. It all depends on your security policy needs/requirements.
This of course is assuming your mail server behind the firewall is not using a legal IP address.
Carlos Roque
Network Consultant
CCSA
GlobalNetwork Technology Services, L.A.
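
Why the anti-spoofing step puts SMTP_Server_Legal into the internal interface's valid addresses, as an added example that is not part of the original message and is not Check Point code. It is a simplified model with constructed addresses, and it assumes the interface check sees the destination before static NAT rewrites it.

```python
from ipaddress import ip_address, ip_network

# Constructed sample addressing (RFC 1918 / RFC 5737), not from the thread.
INTERNAL_NET = "10.1.1.0/24"        # internal network object
SMTP_SERVER = "10.1.1.25"           # smtp-server (private address)
SMTP_SERVER_LEGAL = "203.0.113.25"  # SMTP_Server_Legal (public address)


def make_group(*members):
    """A group object: host and network objects, stored as networks."""
    return [ip_network(m) for m in members]


def is_valid(addr, group):
    """True if addr falls inside any member of the group."""
    return any(ip_address(addr) in net for net in group)


def inbound_to_legal(dst, internal_valid):
    """Follow an Internet packet addressed to the legal IP (simplified)."""
    if dst != SMTP_SERVER_LEGAL:
        return "drop: not the published address"
    # The static route sends the legal address out the internal interface.
    # Assumption: the destination is still untranslated when that
    # interface's Valid Addresses check runs on the leaving packet.
    if not is_valid(dst, internal_valid):
        return "drop: anti-spoofing on internal interface"
    # Static NAT then rewrites the destination to the private address.
    return "deliver to " + SMTP_SERVER


def outbound_from_server(src, internal_valid):
    """A packet entering the internal interface needs a valid source."""
    if not is_valid(src, internal_valid):
        return "drop: anti-spoofing on internal interface"
    # Static NAT presents the mail server under its legal address.
    return "forward as " + (SMTP_SERVER_LEGAL if src == SMTP_SERVER else src)


NETWORK_ONLY = make_group(INTERNAL_NET)                       # legal IP missing
INTERNAL_SPOOF = make_group(INTERNAL_NET, SMTP_SERVER_LEGAL)  # as in the post

if __name__ == "__main__":
    print(inbound_to_legal(SMTP_SERVER_LEGAL, NETWORK_ONLY))
    print(inbound_to_legal(SMTP_SERVER_LEGAL, INTERNAL_SPOOF))
    print(outbound_from_server(SMTP_SERVER, INTERNAL_SPOOF))
```
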

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Devon Harding - GTHLA
Sent: Monday, April 15, 2002 8:11 AM
To: [email protected]
Subject: Re: [FW-1] Outbound CVP

SMTP to the Internet...

-----Original Message-----
From: Carlos Roque [mailto:[email protected]]
Sent: Wednesday, April 10, 2002 5:14 PM
To: [email protected]
Subject: Re: [FW-1] Outbound CVP

Can you explain what you mean by outbound?
1. SMTP coming from the Internet?
2. SMTP going out to the Internet?

Carlos Roque
Network Consultant
CCSA
GlobalNetwork Technology Services, L.A.

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Devon Harding - GTHLA
Sent: Wednesday, April 10, 2002 3:27 PM
To: [email protected]
Subject: [FW-1] Outbound CVP

How do I set up a rule to allow outbound SMTP to my SMTP security server?
__________________
Devon Harding
System Administrator
Gilat Latin America
[email protected]