Can we configure MTA in bridge mode on Checkpoint TE appliance?

I have configured TE appliance in bridge mode. Threat emmulation is working fine but have a doubt if it supports MTA in bridge mode.Please help

You can but setup needs to be proper on the network layer:

You must configure two dedicated network interface with IP to be used by the MTA.

So emails will be routed completely through these two interfaces.

A network packet that is seen by one of those two interfaces must NEVER be seen on the bridge.

Otherwise it will implicitly be dropped because the same packet was seen twice (on MTA interface and on bridge) which is a security violation and leads to a packet drop.

Regards Thomas


Hello @Thomas_Werner,

I see that the question is related to TE Appliance. Is the solution applicable to a Security Gateway? 



Should still apply on a regular Security Gateway with the same restrictions.