Re: [FW-1] RES: [FW-1] Static NAT problems on a Win2K SP3 Se rver with FW-1 NG FP1

[Ian Gilfillan <ian.gilfillan@FW1-NOSPAMTRADINGSPORTS.COM>]

I think I have had a similar issue. Here is what I did. This is on a
nokia but you should be able to convert.

1. Created an ARP entry on the firewall platform for the external
address.
2. Create a static route on the firewall platform pointing from the
external address to the internal address or the next nearest
router/gateway if on a subnet.
3. In Checkpoint create an object for the external interface.
4. Create an object for the Internal Interface.
5. Create a rule which says Any-->External-->SMTP(etc)-->Allow
6. Create a rule which says Internal-->Any-->SMTP (etc)-->Allow
7. Create a NAT Rule Internal-->Original--
Original||External-->Internal-->Original
8. Create a NAT Rule Original-->External--
Original||Original-->Internal-->Original


-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST@beethoven.us.checkpoint.com] On Behalf Of Trent
Libby
Sent: 19 September 2002 14:33
To: FW-1-MAILINGLIST@beethoven.us.checkpoint.com
Subject: Re: [FW-1] RES: [FW-1] Static NAT problems on a Win2K SP3 Se
rver with FW-1 NG FP1

Ok, I guess I can see how that may work, but why would I need to do that
when I can hook up a regular Broadband router and SMTP traffic goes
through
fine.  It seems to me that something in the Firewall is not working
properly, but I just cannot seem to find what it is.

Trent Libby


-----Original Message-----
From: Fabricio Sim�o [mailto:fsimao@COMPUGRAF.COM.BR]
Sent: Thursday, September 19, 2002 6:54 AM
To: FW-1-MAILINGLIST@beethoven.us.checkpoint.com
Subject: [FW-1] RES: [FW-1] Static NAT problems on a Win2K SP3 Server
with
FW-1 NG FP1

Hi Trent,

I had the same problem on a customer and we solved putting a static
route for the valid SMTP server on the Internet router.


Fabricio

-----Mensagem original-----
De: Trent Libby [mailto:trent@SYSDYNEINC.COM]
Enviada em: quarta-feira, 18 de setembro de 2002 12:00
Para: FW-1-MAILINGLIST@beethoven.us.checkpoint.com
Assunto: [FW-1] Static NAT problems on a Win2K SP3 Server with FW-1 NG
FP1


I have been having some major problems trying to get my Static NAT to
work
on my Win2K Server.  This static NAT is set up for my SMTP server, but
everything I try to do does not seem to work.  I originally set it up
with
the Automatic NAT and ARP, but that was not working.  After a little
research I found a Sample Configuration with NAT on Phoneboy.com.  I
followed what he was telling me, but for some reason it would not route
through my server.  I checked the Logs and there was no SMTP traffic
even
touching the server.  I could ping the external IP with no problems from
the
outside though.  Not sure why the SMTP traffic would not hit the
Firewall
though.

I then did a bit more research and found that I might try to add the
External IP of my SMTP server to my External interface through advanced
properties. After I did this SMTP traffic would hit the firewall, but it
would still not route to my internal SMTP server.  I sent some test
mails
and all of them failed.  When I got the failed message it said it failed
due
to relay not being enabled on the server.

What am I missing to get this thing to route traffic to the inside?  If
anyone has some ideas please let me know as I really need to get this up
and
going for my customer.

Trent Libby

=================================================
To set vacation, Out Of Office, or away messages,
send an email to LISTSERV@lists.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner@ts.checkpoint.com
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to LISTSERV@lists.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner@ts.checkpoint.com
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to LISTSERV@lists.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner@ts.checkpoint.com
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to LISTSERV@lists.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner@ts.checkpoint.com
=================================================