Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
willyng18
Participant

R77.30 FW showing SMTP deny in logs

Hi all,

One of my customer environment with checkpoint fw R77.30, we found on fw logs keep showing

SMTP reject from DR tunnel to Production network. The policy should be allowed SMTP from DR site to Production network, any one know what could be root cause? Is it IPS or other issuescheckpoint SMTP reject.JPG cause it.

 

Greatly appreciate for your advise.

 

 

9 Replies
PhoneBoy
Admin
Admin

It looks like it is being dropped on Rule 3 according to the screenshot you've provided.
What precisely does that rule say?
Have you verified the source and destination are covered by the objects in that rule?
0 Kudos
willyng18
Participant

HI, Sorry for late reply, last week was away for training.

Rule no. 3 suppose allowed DR (S2S2Alpha) access to PROD tunnel with allowed all services, but we still found rejected on SMTP service.

 

 

Rule 3.JPG

 

PhoneBoy
Admin
Admin

Perhaps the log card will tell us why it is dropping.
Can you click on one of the log entries and show the details? (With sensitive details masked)
0 Kudos
willyng18
Participant

Hi,

 

Refer below, reason Private command: X-ANONYMOUSTLS

 

is it certificate issue?

0 Kudos
PhoneBoy
Admin
Admin

0 Kudos
willyng18
Participant

Hi,

DLP didn't enabled, the anti virus subscription is expired, will it cause reject smtp service?

if based on Solution provided, I can't get block_private_commands parameter through (C:\Program Files (x86)\CheckPoint\SmartConsole\R77.10\PROGRAM, my version is R77.3.

0 Kudos
PhoneBoy
Admin
Admin

Replace R77.10 with R77.30 in the path.
willyng18
Participant

data block.JPGR77.3.JPGHI , actually I access the path for R77.30, just can't find block_private_commands parameter

0 Kudos
PhoneBoy
Admin
Admin

You're looking for the GUIdbedit binary, which you then use to find the specific parameter.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events