This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
seanmc12
Contributor
‎2022-05-05 01:23 PM

Allowing native email on mobile clients connected to company network

We have 2 6500 Checkpoint firewalls in an HA configuration running R80.40. We recently stood up a new wireless Guest network and are allowing basic protocols...http/https. When users connect to the guest network, then open cox email, emails fail to send. I look at the email configuration and some are setup to use imap/pop. I went into the logs to see what was being blocked to better identify what protocols I should allow at a minimum to complete the email process. I am not seeing any traffic AT ALL as being dropped or blocked. I was thinking I could see that such and such was being blocked/dropped by a specific rule or by the clean up rule, but all traffic is green and accepted. Is there another way to tell why the email won't send on this network if I can't see the traffic being addressed?

0 Kudos
4 Replies
Chris_Atkinson
Employee Employee
Employee
‎2022-05-05 04:13 PM

Are all the applicable rules set to log?

If you see the traffic accepted in the logs take a closer look at the NAT details and compare it with the working HTTP/HTTPS traffic.

CCSM R77/R80/ELITE
0 Kudos
seanmc12
Contributor
‎2022-05-06 04:43 AM
In response to Chris_Atkinson

Thanks, We have 1 rule for traffic that hits our Guest VLan. The rule is set to accept all traffic that is of a set of protocols and the rule is set to log all of the traffic.

0 Kudos
the_rock
Legend
Legend
‎2022-05-05 05:56 PM

I agree with @Chris_Atkinson . Thats the first thought that came to my mind when I read your post.

0 Kudos
Wolfgang
Authority
Authority
‎2022-05-06 08:25 AM

@seanmc12 agreed with @Chris_Atkinson @and @the_rock 

I‘m really sure your guest wireless network will be NATed behind one of the the gateways IP addresses. Check the NAT entries of the log for your mail communication. If there NAT is done, you can create a NAT rule to not doing NAT for traffic from your guest network to the mailservers.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events