seanmc12
Contributor

Allowing native email on mobile clients connected to company network

We have 2 6500 Check Point firewalls in an HA configuration running R80.40. We recently stood up a new wireless Guest network and are allowing basic protocols...http/https. When users connect to the guest network, then open Cox email, emails fail to send. I look at the email configuration and some are set up to use IMAP/POP. I went into the logs to see what was being blocked to better identify what protocols I should allow at a minimum to complete the email process. I am not seeing any traffic AT ALL as being dropped or blocked. I was thinking I could see that such and such was being blocked/dropped by a specific rule or by the clean up rule, but all traffic is green and accepted. Is there another way to tell why the email won't send on this network if I can't see the traffic being addressed?

0 Kudos
4 Replies

Are all the applicable rules set to log?

If you see the traffic accepted in the logs, take a closer look at the NAT details and compare them with the working HTTP/HTTPS traffic.

0 Kudos
seanmc12
Contributor

Thanks. We have 1 rule for traffic that hits our Guest VLAN. The rule is set to accept all traffic that is of a set of protocols and the rule is set to log all of the traffic.

0 Kudos
the_rock
Champion

I agree with @Chris_Atkinson. That's the first thought that came to my mind when I read your post.

0 Kudos
Wolfgang
Mentor

@seanmc12 agreed with @Chris_Atkinson and @the_rock

I'm really sure your guest wireless network will be NATed behind one of the gateway's IP addresses. Check the NAT entries of the log for your mail communication. If NAT is done there, you can create a NAT rule to not do NAT for traffic from your guest network to the mail servers.

0 Kudos