chuka01
Contributor

Configuring DynamicID to use Internal SMTP server

We are currently configuring DynamicID on a remote access gateway. I have tested with cloud SMTP servers (Sendgrid and AWS SES), and the OTPs were delivering on the R80.40 gateway.

However, we have an internal SMTP relay, and we want to use that instead. We have tested, and the error says "dynamicId sending failure, press r to retry".

The logs show that SMTP traffic was sent to the internal relay and we have whitelisted the IPs of the gateway, but no OTPs are being delivered. Our network topology is Check Point Security gateways on the perimeter, and Palo Alto firewalls to filter internal traffic.

No traffic logs show traffic from the Check Point gateway to the SMTP relay on Palo Alto either. A major reason for using the internal SMTP relay is because our ISPs here block SMTP traffic over port 587, and so we cannot ideally use the cloud SMTP servers.

Thanks for reading through, and for your assistance. I can provide any more information as needed. Thanks.

simonemantovani
MVP Silver

To be honest, I never tested it, but you should configure the SMTP in the Dynamic ID Settings section within the VPN Clients -> Authentication.

See attached screenshots.
chuka01
Contributor

Hello Simone, thanks for responding. I have done this and tested with some cloud SMTP servers (Sendgrid and AWS SES). However, I am trying to integrate with our internal SMTP relay, which is where I am getting the issue. The traffic is leaving Check Point on the eth2 interface (10.45.10.3) and is showing accepted in logs, but this traffic never gets to the SMTP relay, or shows up in our Palo Alto internal firewall logs.
simonemantovani
MVP Silver

Well, if the traffic leaves the Check Point, the issue is outside the firewall; is 10.45.10.3 the VIP address or the IP address of the physical interface?

If it's not the VIP, then you should check traffic coming from the VIP address on your SMTP server and PAN firewall.

chuka01
Contributor

Thanks for your response. 10.45.10.3 is the physical IP address. I will check for traffic coming from the VIP and come back, thanks.
chuka01
Contributor

Hello @simonemantovani, 10.45.10.3 was the physical IP. Searching by the VIP resolved the issue, so I created a rule allowing traffic from that IP. Now I just have to troubleshoot why the SMTP server is not sending the OTP, thank you.
