This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Shivajith_S
Contributor
‎2018-08-17 09:35 AM

Firewall not receving Smtp

The scenario is Smtp packet nor able to reach cp security gateways from external to inside ( it's means from internet ) traffic hit can not see in the firewall logs for Smtp,  did not done any changes on the policy , hence  twisted is can able to telnet the public ip with port 25 from outside , But this traffic also not able to see in the logs , total mails are down from external to internal , in ISP side able to see the smtp traffic ...even not showing accept or drop ...

Bit wied issue...

5 Replies
Gomboragchaa
Advisor
‎2018-08-17 10:15 AM

In this case, it is better to contact TAC.

I had same issue once time. We didn't receive any email from external mail servers.

The issue was IPS. I suggest to you should check log Prevent action from SmartLog Tracker. If it is IPS prevent, you have to create exception on Threat Prevention rule.

0 Kudos
Shivajith_S
Contributor
‎2018-08-17 10:31 AM
In response to Gomboragchaa

In this case did failover in firewall ( firewall in cluster )started to receive. 

Do know why is the root cause...

Do migth be the issue with hotfix ?

Running take 46 r80.1 over ver.

0 Kudos
Steve_Moran1
Contributor
‎2018-08-17 12:11 PM

You can try to do an fw ctl zdebug + drop | grep smtp from expert mode on the gateway, and perhaps see why its being dropped.  

0 Kudos
Mario_Zuker
Employee
Employee
‎2018-08-20 09:41 AM

Seems the R80.10 Jumbo Hotfix Accumulator you are using is old

please see sk116380 - Jumbo Hotfix Accumulator for R80.10 for information regarding latest JHF versions

What blades are enabled on the cluster? Is the issue still reproducing after cluster fail-over? did you open a ticket with TAC that we can track? You can contact me offline at marioz@checkpoint.com

0 Kudos
Shivajith_S
Contributor
‎2018-08-23 05:24 AM
In response to Mario_Zuker

Hi Mario Zuker,

The issue was resolved , we cleared the arp, made failover...now it's able to see traffic .but our partner got log and submitted to CP TAC they said got some connectivity issue , I am not sure why onli one traffic affected remain all working the same connection still mystery...

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    li.common.scroll-to.top